General
-
Target
55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb
-
Size
121KB
-
Sample
221203-a684gsag78
-
MD5
6788d034fd5f9df6222b72e1d5d2178f
-
SHA1
43233a57dc7aa9f16fb645b38572ec30f3390294
-
SHA256
55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb
-
SHA512
6cffe7a36c91e8f318aa25bc2bc720fec3efbe0c0053e424b6f5a43bfd44f27217be4d803ad2d286cbbf783795922544e7d89885bf6518961cc219d1494224e8
-
SSDEEP
1536:yYX6DpIoXq0ca2r7MclGV9ExclPQ70w7f8L/SczQFyA0MR2pvsmezu9Nis/7Ru6C:yI6qoq0cawU96clNMc+F8KVzu1FNw
Static task
static1
Behavioral task
behavioral1
Sample
55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://nursenextdoor.com:443/forum/viewtopic.php
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
-
payload_url
http://www.mshc.in/hKW.exe
http://pcorbits.com/5edh9Au.exe
http://95.110.228.229/Y0tmeeSZ.exe
http://church.main.jp/Yr3P4h0P.exe
Targets
Target
55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-