General
-
Target
0a2a8d0d33b1374f3ffc10c6b42c0174b85739825d2fee227aefe4454b7bde69
-
Size
119KB
-
Sample
221203-a7pfgadh4s
-
MD5
a065fbd81081d888f3e885d248a6f299
-
SHA1
d23feb4cec0eecee397877ffb246c1270dbc1923
-
SHA256
0a2a8d0d33b1374f3ffc10c6b42c0174b85739825d2fee227aefe4454b7bde69
-
SHA512
59bb76e1df1c78b83f919b6a71bc2dd3dd0f6ca3ccd14d9cc4a40173ce2b506ee2b4fbe6ea4946af697a06f8c2240fae99502e4ce8bdad887af3d8fc371a8ab4
-
SSDEEP
1536:TXnSjC+0dQviVduMDrRVwYid8DMrs2HsuL1tec9yOSnikxkxyO1hB1groLau:T6C+YQviVMMD8d8DDil2cyikQHPr7au
Static task
static1
Behavioral task
behavioral1
Sample
0a2a8d0d33b1374f3ffc10c6b42c0174b85739825d2fee227aefe4454b7bde69.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://nursenextdoor.com:443/forum/viewtopic.php
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
-
payload_url
http://globaldoesitall.com/hPr0.exe
http://derricoassociati.it/rjrtYyw5.exe
http://csisatx.com/MTj5yF.exe
http://www.flesnercompanies.com/xavAm.exe
Targets
-
-
Target
0a2a8d0d33b1374f3ffc10c6b42c0174b85739825d2fee227aefe4454b7bde69
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-