General
Target: 4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e
Size: 134KB
Sample: 221120-ksac4sab3s
MD5: 505958030be46413aa10595b88141d90
SHA1: 8000907421c3bfdf29ea887aaa0a61ddf7696187
SHA256: 4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e
SHA512: d0f9e39fb646965858adf53525f346d165eb99dcd85ecb8b440b2103d05dd28baee0cddddbd9f25d24ec82c25105d168467bd74adf8a8c727f00cbfc7ccf3709
SSDEEP: 1536:ViHjlYEOpS4nGESeEcI6KSwcbPjbuRKlXwLSl9udU5+12UVHYNmpkLcKd32N5GjQ:MrRxA1PqKlXwLI9V+2ofkLcgG/GjSjC
Static task: static1
Behavioral task: behavioral1
Sample: 4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://endsleepapnea.com/forum/viewtopic.php
http://iecho-mobility.com/forum/viewtopic.php
payload_url:
http://www.holzbau-glas.de/LBM5tvp.exe
http://magento.takkens.com/58x1nHa.exe
http://forexwinnersacademy.com/TBuGtv.exe
http://exhibitlink.biz/s5GqAd.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.