General
- Target: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f
- Size: 122KB
- Sample: 221203-a7abjsag82
- MD5: ef850fedf0c74161d09c6f32bee0bdd1
- SHA1: a4ec86617b52f8cd44d4a73ff7a9ec809563d106
- SHA256: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f
- SHA512: 403f40b9b13651ae33b952cf3f3333d2ac93fd2b36d41bf39253c22e3a80f4e6b3f4ca672516122271974971fbbf08b00354952adec995ef881a07b98097854a
- SSDEEP: 3072:9JvjDIFnvoePrBX0tS58sDXlVlvPyKe92o2KjF:/HIFvD9XWS58o1VIz3jF
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- pony
  - http://nursenextdoor.com:443/forum/viewtopic.php
  - http://dreamonseniorswish.org:443/forum/viewtopic.php
  - http://prospexleads.com:8080/forum/viewtopic.php
  - http://phonebillssuck.com:8080/forum/viewtopic.php
- payload_url
  - http://190.147.81.28/BT5bPWc1.exe
  - http://www.dl2htd.de/tdPTU02.exe
  - http://dim-kalogeras-ka-lar.schools.ac.cy/v7ct.exe
  - http://208.112.125.250/Y5gB.exe
Targets
- Target: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f
- Size: 122KB
- MD5: ef850fedf0c74161d09c6f32bee0bdd1
- SHA1: a4ec86617b52f8cd44d4a73ff7a9ec809563d106
- SHA256: 5193511e95bec7fc490c11db4264fda64e1eda943fe4db186eb00b58ed86260f
- SHA512: 403f40b9b13651ae33b952cf3f3333d2ac93fd2b36d41bf39253c22e3a80f4e6b3f4ca672516122271974971fbbf08b00354952adec995ef881a07b98097854a
- SSDEEP: 3072:9JvjDIFnvoePrBX0tS58sDXlVlvPyKe92o2KjF:/HIFvD9XWS58o1VIz3jF
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.