General
- Target: 0fb952cb428f5acec308879b7de57231a60ba31989e1641f5a8a111099c78839
- Size: 128KB
- Sample: 221203-a7ntyaah22
- MD5: 4ed8e79dc9d95cbfb4d82afdf0321ff0
- SHA1: 382948ffb33a3f6cc4fb6dcd0995cd4e236c1fdc
- SHA256: 0fb952cb428f5acec308879b7de57231a60ba31989e1641f5a8a111099c78839
- SHA512: c2af93f7fdd537e6691a496830821a5be5c683deed0f51e7193e14daf853a3968e9c2a492245cd5fe330e85123801d8b222c65646f9d3eeb50a542be3ed86274
- SSDEEP: 3072:cercpxfGdPueNWgdMmDROeMrfvG+MBL+9TSN1F:ce4pgvNBdHDUJrfvPMBL0+XF
Static task
- static1
Behavioral task
- behavioral1
- Sample: 0fb952cb428f5acec308879b7de57231a60ba31989e1641f5a8a111099c78839.exe
- Resource: win7-20220901-en
Behavioral task
- behavioral2
- Sample: 0fb952cb428f5acec308879b7de57231a60ba31989e1641f5a8a111099c78839.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
pony
- http://prospexleads.com:8080/ponyb/gate.php
- http://phonebillssuck.com:8080/ponyb/gate.php
- http://myimpactblog.com:8080/ponyb/gate.php
- http://yourprospexblog.com:8080/ponyb/gate.php
payload_url
- http://abbeyevents.co.uk/fNF1.exe
- http://whiteheadst.com/JrN9Jv.exe
- http://salsaconfuego.com/RCY.exe
- http://fales.info/PwvextRo.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.