General
-
Target
c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19
-
Size
109KB
-
Sample
221119-hd5vcsha86
-
MD5
451ee83ee11df08bbe0b0a13299cdc3c
-
SHA1
8c8e066dd3ffc3cda915a64ce6119b95872d8d91
-
SHA256
c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19
-
SHA512
c3f1804be64c315b2a2b9728dbf912d5b031251160d0d8a686d86f10ab28fe6272c29f52bca817b3021d230ab0ab2fa966c73a910a1b842fdc61a822c17f78c0
-
SSDEEP
1536:kKDu5dVimMvJEKrVUhRvC5UtWquTrlcp3caCD9wjGClQ00nWziGb3CiI0saiLPC1:k0uPViJ6KWaUt22vCA10nWziG+HH52
Static task
static1
Behavioral task
behavioral1
Sample
c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://joycethomasdermathensga.info/forum/viewtopic.php
http://jthomasmddermathensga.com/forum/viewtopic.php
http://mcontrerasrealty.com/forum/viewtopic.php
http://e-babybooks.com/forum/viewtopic.php
-
payload_url
http://test.lmpferrara.com/hfpRY.exe
http://palmsodyssey.org/GR7j.exe
http://jumpsuit.se/K8WMa.exe
http://207.57.251.143/zxiso3xP.exe
Targets
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-