General
-
Target
f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1
-
Size
137KB
-
Sample
221120-hvn8yaca46
-
MD5
32e88ff52de6f79ee1bf70df1257fc6e
-
SHA1
d7e9178aefa635a2e56d90be2f642b4288ca2d4d
-
SHA256
f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1
-
SHA512
e8f2419c3a3a4392bdaa0ab1dbcb26354ee043703ef2ad0ab66d0c1fd7e8937fcb8d2136b119a6ebaf3659899ffc24264f6661344708b582fc7a0d27d3686e66
-
SSDEEP
3072:5Mjnq2BgLEDVwxotVl6ZWsUP1eY0vMeYq7uPj2npO5ajD37tkDNA:MVl6ZbU9cQT2npOsZkhA
Static task
static1
Behavioral task
behavioral1
Sample
f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://angels-mail.com:8080/forum/viewtopic.php
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://palmspringscondovacationrentals.com/forum/viewtopic.php
http://luxuryvacationrentalpalmsprings.com/forum/viewtopic.php
-
payload_url
http://www.kgsindia.in/C0eZzx5m.exe
http://destek.sahrasoft.com/mEcrK.exe
http://panachetechsolutions.com/xaZ4e.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-