General
-
Target
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd
-
Size
122KB
-
Sample
221203-a6z6ksag63
-
MD5
d190367e4649744b61d8d156c0e39f22
-
SHA1
6feeed98b62c67fab563418b171a3780db3ba9be
-
SHA256
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd
-
SHA512
716b32d751ffa8518fc4ff5eaf002219f7331cc9c69ad43bc84d6e1259570fe6dc8ce91733392f3dedfd41f130da1ae166b07603344310c9e1470fc8bc408f93
-
SSDEEP
3072:Ym2g+TwZ0WiGytNzc2KgOi8u333VbUCM94:Ym1+TFWiGyvQ2K8xq94
Static task
static1
Behavioral task
behavioral1
Sample
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://nursenextdoor.com:443/forum/viewtopic.php
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
-
payload_url
http://listinopainting.com/c8BHUBf.exe
http://delhi.shaadibazaar.com/EDFrR4s.exe
http://lemuelacosta.com/MZQB.exe
http://by-style.info.dd12710.kasserver.com/x8ki.exe
Targets
-
-
Target
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd
-
Size
122KB
-
MD5
d190367e4649744b61d8d156c0e39f22
-
SHA1
6feeed98b62c67fab563418b171a3780db3ba9be
-
SHA256
8f9c09aefc7d60f3c734fcdcf31bec70f17c1d04536593d05222a3c3531b20dd
-
SHA512
716b32d751ffa8518fc4ff5eaf002219f7331cc9c69ad43bc84d6e1259570fe6dc8ce91733392f3dedfd41f130da1ae166b07603344310c9e1470fc8bc408f93
-
SSDEEP
3072:Ym2g+TwZ0WiGytNzc2KgOi8u333VbUCM94:Ym1+TFWiGyvQ2K8xq94
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-