General
-
Target
875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092
-
Size
114KB
-
Sample
221201-chal5aec25
-
MD5
0d720f6a20a9209f9c80abca68b26c20
-
SHA1
7ef0a23923778b0b4e68d5335e4a02e518d3c168
-
SHA256
875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092
-
SHA512
ada7fe55d4292f8ea07ba7cd17be7cbba2069c9c3f69e4f936a0f606de9aa9ea190025898b9c3059f0192633a8bbed8a9b7c8d85eaf71f3932b08a7478081793
-
SSDEEP
3072:ex519Fns1z/tSqscMzbR5ioZBLX7NT0lkBc7:m5Nsd/tSqpYPpZN0lV
Static task
static1
Behavioral task
behavioral1
Sample
875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://abescasualgrill.net/forum/viewtopic.php
http://abescasualgrill.org/forum/viewtopic.php
http://abesexpress.com/forum/viewtopic.php
http://abesgastropub.co/forum/viewtopic.php
-
payload_url
http://kryokontur.fr/EHZhPV.exe
http://myshoppingbusiness.com/ngyLs.exe
http://foromaquinas.net/JHdczhdQ.exe
http://megajet.fr/jnq14U7.exe
Targets
-
-
Target
875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-