General

- Target: af40d0de72e39d6cd80cb4be7bfecf02436370084e951642b99e9644203030aa
- Size: 365KB
- Sample: 221127-ryblpaea95
- MD5: 7f1a21d3df2d28191119e4d974143419
- SHA1: bef7982df81fde216e1ff9a400e0599b2d6121a2
- SHA256: af40d0de72e39d6cd80cb4be7bfecf02436370084e951642b99e9644203030aa
- SHA512: a7df7a0be0e904e8f2176c8f1a6d1dfe27e5d14397419ddd214867881362ee875bad2852d3e483f18d54656163bd7b776ee732b85b4453292fe4905e7d221fc0
- SSDEEP: 3072:U1agxibpFHcsMcWYFxzkZdmVVUD8VQknr4B0FpvWeTCAb8dqa0fP9p0wQHHMoI8B:pgxgpysfFxw/mUQVQnC8eb8dqfX6MiO
Static task: static1

Behavioral task: behavioral1
- Sample: af40d0de72e39d6cd80cb4be7bfecf02436370084e951642b99e9644203030aa.exe
- Resource: win7-20220812-en
Malware Config

Extracted: pony
- http://invoiceseclib.com/gate.php
- http://fastdrozdfund.com/gate.php
- http://ferginestor.com/gate.php
- http://gmosnbae.com/gate.php

payload_url:
- http://www.candmaccounting.com/wp-content/plugins/cached_data/po.exe
- http://cankurtaranegitimleri.com/wp-content/plugins/cached_data/po.exe
- http://capacitareventos.com.br/wp-content/plugins/cached_data/po.exe
- http://valerunners.com/wp-content/po.exe
Targets
- Target: af40d0de72e39d6cd80cb4be7bfecf02436370084e951642b99e9644203030aa
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.