General
Target: 02390b364ec5260057604749343631c3aec6cdff94bc779083d0fbe1e6f7c6ea
Size: 136KB
Sample: 221120-lkyamsfh79
MD5: 56915ab4e6a75a4317c375b33161b440
SHA1: 0821abfe292d2f3e3bf8192b0b2779891866bdd9
SHA256: 02390b364ec5260057604749343631c3aec6cdff94bc779083d0fbe1e6f7c6ea
SHA512: 8c366b8bd4bd25a509b91c220adec230edcbe8127c628e8c46f4b2b3e04562d479889d1a1b1fa879ec8b5bead56cb7198784a1889e31c5339d7a0f3b8b8724fc
SSDEEP: 3072:7V91ABy3RViN193QFGmaz4EOIPxEdRGEyR/oKz553ZF:59wiriBma0I5EzbyuQb
Static task: static1
Behavioral task: behavioral1
Sample: 02390b364ec5260057604749343631c3aec6cdff94bc779083d0fbe1e6f7c6ea.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 02390b364ec5260057604749343631c3aec6cdff94bc779083d0fbe1e6f7c6ea.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: pony
C2 URLs:
- http://190.81.149.106:8080/forum/viewtopic.php
- http://mail.yaklasim.com:8080/forum/viewtopic.php
- http://laserliposolution.com/forum/viewtopic.php
- http://laserlipotight.com/forum/viewtopic.php
payload_url:
- http://BrandsObsession.com/egBeM.exe
- http://Pricetruckline.com/U6H.exe
- http://inertia-automation.com/sNQmpJMu.exe
Targets
Target: 02390b364ec5260057604749343631c3aec6cdff94bc779083d0fbe1e6f7c6ea
Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.