General
Target: 8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14
Size: 137KB
Sample: 221120-j51v6adg96
MD5: 3634850f4a0042a1746c5f5766a6d770
SHA1: ed10948770ccef4d54ac417d089eb66829b4d9b3
SHA256: 8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14
SHA512: ba4940dbc580431c099a8c567987bb658a77e1c43ccb013df5ff1e39080bedae4535a7edd233fbeb38f119277dc08a3d25f1332dce2f97e595c3a847ab38f4e2
SSDEEP: 3072:91Jh2TyD7gFC7EmJn4y2CvqhXrN+8WvxT9ExKfmhAponQ7Gi7WL3e:PvENcxq82nQNKS
Static task: static1
Behavioral task behavioral1: sample 8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14.exe, resource win7-20220812-en
Behavioral task behavioral2: sample 8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14.exe, resource win10v2004-20221111-en
Malware Config
Extracted: pony
- http://angels-mail.com:8080/forum/viewtopic.php
- http://mail.yaklasim.com:8080/forum/viewtopic.php
- http://hollywoodhillscondos.com/forum/viewtopic.php
- http://housesforrentinpalmspringsca.com/forum/viewtopic.php
payload_url:
- http://embeddedcoaching.org/KbTsFC.exe
- http://www.younielawnscapes.com/it6.exe
- http://files.seventilmidnight.com/ymQaMUe.exe
Targets
Target: 8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14 (size and hashes identical to the General section above)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.