General
-
Target
f5c62ae88d0b80e0f21c4c8a6ce62ff5283c81fa760ce0015641b5cb3d014ce4
-
Size
118KB
-
Sample
221203-a6lyysag37
-
MD5
63feb4f66ccf084c084a0996715a912a
-
SHA1
6425736301e97005cd7ccb0aad2adebba3b784fb
-
SHA256
f5c62ae88d0b80e0f21c4c8a6ce62ff5283c81fa760ce0015641b5cb3d014ce4
-
SHA512
cd4e55b306f71be905d46d01b796e9e991db22a66ad3552d8e773f63c098e55ebd0548d361ed7fa4a6738021257f5a821118f72c634590fbe9edd0cc991c5a5b
-
SSDEEP
3072:FZgPvMRlsNHnp1R64za8BXc7G1bK7FxAlS:wH0ypmkRc7G12jk
Static task
static1
Behavioral task
behavioral1
Sample
f5c62ae88d0b80e0f21c4c8a6ce62ff5283c81fa760ce0015641b5cb3d014ce4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f5c62ae88d0b80e0f21c4c8a6ce62ff5283c81fa760ce0015641b5cb3d014ce4.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://webmail.alsultantravel.com:8080/forum/viewtopic.php
http://alsultantravel.com:8080/forum/viewtopic.php
http://webmail.alsultantravel.info:8080/forum/viewtopic.php
http://198.57.130.35:8080/forum/viewtopic.php
-
payload_url
http://legodendart.com/f2kr.exe
http://horizon.okcareertech.org/1k7Yvm.exe
http://marinapanagiotidou.gr/qntUYid.exe
http://www.sch.ac.cy/DH8xSJxy.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-