General
-
Target
2c3f328db377fdb73afbc528dc5f906839c28de1fd6efaeddfe35a3f354603d8
-
Size
123KB
-
Sample
221203-a7hypadh2y
-
MD5
c8d3a43248ad9d63e9a6ecd95ca99bad
-
SHA1
0088cec0453f4b1b17602ba0e4cea4a0f4837837
-
SHA256
2c3f328db377fdb73afbc528dc5f906839c28de1fd6efaeddfe35a3f354603d8
-
SHA512
8b68678af4de6a19943f700631aa4edc2783224fca28afaab29bd9ffd7926223cee6b73b01e5e114ed91a4e01532a15d186763bd870761d3e3f9ad3246d960e7
-
SSDEEP
3072:3kwf67aI1aDa3FOlanHk0IcWxEsGgGMBDyyuT:iaI1aDUFOlZlBlJMd
Static task
static1
Behavioral task
behavioral1
Sample
2c3f328db377fdb73afbc528dc5f906839c28de1fd6efaeddfe35a3f354603d8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2c3f328db377fdb73afbc528dc5f906839c28de1fd6efaeddfe35a3f354603d8.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
http://myimpactblog.com:8080/forum/viewtopic.php
-
payload_url
http://dunmoreconsultants.com/wyVRN.exe
http://www.photonet.com.mx/z8panm0J.exe
http://proverifyskills.com/vxKU.exe
http://d1003686.stwadmin.net/v1djX.exe
Targets
-
-
Target
2c3f328db377fdb73afbc528dc5f906839c28de1fd6efaeddfe35a3f354603d8
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-