General
Target: 1232ac0b7a89ce1c6e37bd49fa67d2421e3237d79bb5c7d67e98cb0fc70c7a00
Size: 216KB
Sample: 221127-rez5yacg57
MD5: d3d5197edf53342937baee82c9d47a3f
SHA1: 2e61b38afeb8fd1df19863b4c4a1680363561d50
SHA256: 1232ac0b7a89ce1c6e37bd49fa67d2421e3237d79bb5c7d67e98cb0fc70c7a00
SHA512: 9dbd6bb8fbea90a964c53eb996c4961dbd4293207fa25c1652111063e92e566729623017d3735b0847950b580bf297dee961525d5dec7732cc25aea96f3de6d6
SSDEEP: 3072:UMCWzfgGqnJVbS0/09KOZGyiqquYTsOYM2RSOucFracL:UMC8oGaJVbS0/09b6TsOYpRSOucFF
Static task: static1
Behavioral task: behavioral1
Sample: 1232ac0b7a89ce1c6e37bd49fa67d2421e3237d79bb5c7d67e98cb0fc70c7a00.exe
Resource: win7-20220901-en
Malware Config
Extracted
pony
http://54.178.140.122:8080/imageslib/upload.php
http://84.40.2.227:8080/imageslib/upload.php
http://89.107.184.219:8080/imageslib/upload.php
http://46.105.102.76:8080/imageslib/upload.php
Targets
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.