General
-
Target
8b72c3728a095b294db68c6f0c809e805623323db58cf89c1db104d9d6b50126
-
Size
171KB
-
Sample
221120-j3db3shb3x
-
MD5
1a60868b12e1326825dafdb6ea41604a
-
SHA1
92128b9c49988241a99f5d4b9d526803c557a8d5
-
SHA256
8b72c3728a095b294db68c6f0c809e805623323db58cf89c1db104d9d6b50126
-
SHA512
72d6051ef6481e0ed4f159ed73afd66cab40fa80fa84e39658d69507e1c8928b13530e01a963988bef7221c6f39ef1a362416519f698df7bf12341b76afa9b4a
-
SSDEEP
3072:KGgaeKorhubcyC+fucoMohzmK33lHJs9fR8PhaYQ5PuuuuuuuuuuuuuuuuuuuuuY:Ya7nlV/oMohyKH0RSkJpuuuuuuuuuuug
Static task
static1
Behavioral task
behavioral1
Sample
8b72c3728a095b294db68c6f0c809e805623323db58cf89c1db104d9d6b50126.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://212.58.20.11/forum/viewtopic.php
http://69.164.220.104:8080/forum/viewtopic.php
-
payload_url
http://sarpmaden.com.tr/eA6xk.exe
http://usemines.rd-h.com/YrHiHG4.exe
Targets
-
-
Target
8b72c3728a095b294db68c6f0c809e805623323db58cf89c1db104d9d6b50126
-
Size
171KB
-
MD5
1a60868b12e1326825dafdb6ea41604a
-
SHA1
92128b9c49988241a99f5d4b9d526803c557a8d5
-
SHA256
8b72c3728a095b294db68c6f0c809e805623323db58cf89c1db104d9d6b50126
-
SHA512
72d6051ef6481e0ed4f159ed73afd66cab40fa80fa84e39658d69507e1c8928b13530e01a963988bef7221c6f39ef1a362416519f698df7bf12341b76afa9b4a
-
SSDEEP
3072:KGgaeKorhubcyC+fucoMohzmK33lHJs9fR8PhaYQ5PuuuuuuuuuuuuuuuuuuuuuY:Ya7nlV/oMohyKH0RSkJpuuuuuuuuuuug
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-