General

Target: 295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f
Size: 131KB
Sample: 221120-k6ejzsfc66
MD5: 50e0ec52d81a2ccc00f0da36477fd370
SHA1: 5f7b63503fa73885f12f4172741666d36d8c02dd
SHA256: 295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f
SHA512: f7b3db027f7d2af7abc9cc528a4c5cfa3886e5c22feba3129c9e8653319abe876a37818f75933581a23e36248ae560101ffae21eaba5360f855a27518ae17271
SSDEEP: 3072:apHfi7nmw4Lql/8TahfeYJr6YJfwizm5aYuh5RgC:apHqSdLmGoWYJrhJ5zoaYuh5R
Static task: static1

Behavioral task: behavioral1
Sample: 295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: pony

C2:
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://hurricanesavingsgift.com/forum/viewtopic.php
http://hurricaneshuttersdiscount.com/forum/viewtopic.php

payload_url:
http://www.kavalevent.com/CehCBf2.exe
http://jossboutique.fr/dq8k3nhy.exe
http://applehospital.com/gP9t.exe
http://spireportal.net/5ay2n.exe
http://ray.tc/ZZasL.exe
Targets

Target: 295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f
Signatures:
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.