General

Target: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b
Size: 128KB
Sample: 221203-a7gevsdh2w
MD5: a41d22aa6fac7711038f5d8775aef860
SHA1: f90730c6105547b238c6c298a6ea46a23536a85e
SHA256: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b
SHA512: 776886936bdc38b58172c837e6b8d729da6504e8238a6eb4cb3041a386ec4ccbe3598a98ea786bf963ee2d5869c6a43af91aad06b43bf64aeb79ea91bc36b622
SSDEEP: 3072:r/f+lrsNaQ7qPUrwlHlL7OWdt56rFovzEc/7kIOB:TwsoAW9OMn6Tc/0
Static task: static1

Behavioral task: behavioral1
  Sample: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted family: pony

C2 (Pony gate URLs the sample posts harvested credentials to; note the first uses plain HTTP on port 443 and the rest port 8080, so egress filtering that only inspects TLS on 443 or web traffic on 80 will miss them):
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
http://myimpactblog.com:8080/forum/viewtopic.php

payload_url (second-stage executables the sample is configured to download and run after reporting to the gate):
http://ftp.alenetoo.com/2YLt.exe
http://www.artwork.1stpads.com/ijiK.exe
http://www.bansontrade.co.uk/ULiC.exe
http://getreadytochangeyourlife.com/wJwU.exe
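The config above is only useful once it is turned into something you can hunt with. The following Python is an added example (not part of this report and not code from the sample): it normalises the extracted C2 and payload URLs into (host, port, path) indicators, flags the plain-HTTP-on-443 gate, and matches them against proxy log lines. The log format and the sample log lines are constructed for the demo; the URLs are the ones listed in the config.

```python
"""Turn the extracted Pony config into network IOCs and match them against proxy logs."""
import re
from urllib.parse import urlsplit

# The URLs below are the config values shown in this report.
PONY_C2 = [
    "http://dreamonseniorswish.org:443/forum/viewtopic.php",
    "http://prospexleads.com:8080/forum/viewtopic.php",
    "http://phonebillssuck.com:8080/forum/viewtopic.php",
    "http://myimpactblog.com:8080/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://ftp.alenetoo.com/2YLt.exe",
    "http://www.artwork.1stpads.com/ijiK.exe",
    "http://www.bansontrade.co.uk/ULiC.exe",
    "http://getreadytochangeyourlife.com/wJwU.exe",
]


def split_target(target):
    """Return (host, port, path) for an absolute URL or a CONNECT-style 'host:port'."""
    if "://" not in target:
        host, _, port = target.partition(":")
        return host.lower(), int(port or 443), ""
    p = urlsplit(target)
    default = 443 if p.scheme == "https" else 80
    return p.hostname.lower(), p.port or default, p.path


def build_iocs():
    """One record per config URL. plain_http_on_443 marks the gate that speaks
    cleartext HTTP on 443, which TLS-only inspection on that port will not see."""
    iocs = []
    for kind, urls in (("c2", PONY_C2), ("payload", PONY_PAYLOAD_URLS)):
        for url in urls:
            host, port, path = split_target(url)
            iocs.append({
                "kind": kind, "host": host, "port": port, "path": path,
                "plain_http_on_443": url.startswith("http://") and port == 443,
            })
    return iocs


# Constructed proxy-log format for the demo: "<timestamp> <client-ip> <method> <target> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample lines; the first, second and fourth touch config endpoints.
SAMPLE_PROXY_LOG = [
    "2022-12-03T10:41:02Z 10.0.5.17 GET http://ftp.alenetoo.com/2YLt.exe 200",
    "2022-12-03T10:41:09Z 10.0.5.17 POST http://dreamonseniorswish.org:443/forum/viewtopic.php 200",
    "2022-12-03T10:41:30Z 10.0.5.22 GET http://www.example.com/index.html 200",
    "2022-12-03T10:42:00Z 10.0.5.31 CONNECT prospexleads.com:8080 200",
]


def match_proxy_logs(lines, iocs):
    """Match on (host, port) so a CONNECT tunnel or a changed path still hits;
    exact_path records whether the full gate/payload path was observed."""
    by_endpoint = {(i["host"], i["port"]): i for i in iocs}
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        host, port, path = split_target(m["target"])
        ioc = by_endpoint.get((host, port))
        if ioc is None:
            continue
        # Pony POSTs harvested credentials to the gate (c2) and GETs the
        # second-stage executables (payload), so the method is informative.
        hits.append({
            "src": m["src"], "kind": ioc["kind"], "host": host,
            "method": m["method"], "exact_path": path == ioc["path"],
        })
    return hits


if __name__ == "__main__":
    for hit in match_proxy_logs(SAMPLE_PROXY_LOG, build_iocs()):
        print(hit)
```

Matching on host and port rather than the full URL is deliberate: the gate path is operator-chosen and the payload filenames rotate, but the endpoints in a given build are fixed, and a CONNECT line carries no path at all.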
Targets

Target: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b
Size: 128KB
MD5: a41d22aa6fac7711038f5d8775aef860
SHA1: f90730c6105547b238c6c298a6ea46a23536a85e
SHA256: 33e2bf3b82c3b782b0197b55e2b34a831999b0d621a99a2d5074b554f86bcd5b
SHA512: 776886936bdc38b58172c837e6b8d729da6504e8238a6eb4cb3041a386ec4ccbe3598a98ea786bf963ee2d5869c6a43af91aad06b43bf64aeb79ea91bc36b622
SSDEEP: 3072:r/f+lrsNaQ7qPUrwlHlL7OWdt56rFovzEc/7kIOB:TwsoAW9OMn6Tc/0
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
  Pony is a credential stealer; Outlook profile and account data is read from the user's registry hive (the Windows Messaging Subsystem\Profiles and Office\<version>\Outlook\Profiles keys) to harvest stored mail credentials.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\...\CurrentVersion\Uninstall) to enumerate software on the system.
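Neither of the behaviours above is suspicious on its own (Outlook reads its own profile keys, installers walk the Uninstall key), so a useful detection correlates them per process. The Python below is an added example, not code from this report or from the sample: it groups registry key opens by process and alerts only when one process both reads Outlook profile keys and opens several distinct Uninstall subkeys. The event records are constructed to resemble what object-access auditing or a registry callback driver would emit; the key paths are the real Outlook and Uninstall locations, the process names and product entries are invented.

```python
"""Flag a process that reads Outlook profile keys and enumerates Uninstall entries,
the combination this report attributes to the sample."""
import re
from collections import defaultdict

# Where Outlook keeps profile/account data (the keys a mail-credential stealer reads).
OUTLOOK_PROFILE_KEY = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)\\",
    re.IGNORECASE,
)
# Per-product subkeys under the Uninstall key; group 2 is the product entry name.
UNINSTALL_ENTRY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed registry-open telemetry: one dict per key open.
SAMPLE_REGISTRY_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\user\sample.exe",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"pid": 4120, "image": r"C:\Users\user\sample.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    {"pid": 4120, "image": r"C:\Users\user\sample.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": r"C:\Users\user\sample.exe",
     "key": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4120, "image": r"C:\Users\user\sample.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB5019959"},
    # Outlook reads its own profile keys but never enumerates Uninstall: no alert.
    {"pid": 812, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    # An installer enumerates Uninstall entries but never touches Outlook: no alert.
    {"pid": 2200, "image": r"C:\Users\user\Downloads\setup.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 2200, "image": r"C:\Users\user\Downloads\setup.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 2200, "image": r"C:\Users\user\Downloads\setup.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB5019959"},
]


def correlate(events, min_uninstall_entries=3):
    """Group key opens per process; alert only when a process read Outlook profile
    data AND opened at least min_uninstall_entries distinct Uninstall subkeys."""
    per_pid = defaultdict(lambda: {"image": None, "outlook_reads": 0, "uninstall": set()})
    for ev in events:
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        if OUTLOOK_PROFILE_KEY.search(ev["key"]):
            rec["outlook_reads"] += 1
        m = UNINSTALL_ENTRY.search(ev["key"])
        if m:
            rec["uninstall"].add(m.group(2).lower())
    alerts = []
    for pid, rec in per_pid.items():
        if rec["outlook_reads"] and len(rec["uninstall"]) >= min_uninstall_entries:
            alerts.append({"pid": pid, "image": rec["image"],
                           "outlook_reads": rec["outlook_reads"],
                           "uninstall_entries": len(rec["uninstall"])})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_REGISTRY_EVENTS):
        print(alert)
```

Counting distinct Uninstall subkeys rather than raw opens separates a one-off "is product X installed" check from a full enumeration; the threshold is a tuning knob, and the Wow6432Node view is included because a 32-bit loader like this sample sees the redirected hive on 64-bit Windows.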