General
Target: ed52818e88195020ab3b36904d0e9ada1b0658fd7287e9610289da44780e676a
Size: 150KB
Sample: 221203-avlh2sch3x
MD5: b6bceb43fec6a1438f4142b2eb3f9f73
SHA1: 07ece735f26703cc80f43670bf4e24a9337c0435
SHA256: ed52818e88195020ab3b36904d0e9ada1b0658fd7287e9610289da44780e676a
SHA512: 4c6c3aa57927815026fdfa10803f46bf953d1c6038d0ed8a567d9981c03321d1c23465fa978849758ca90adafff6e5973a576da2110d885889f5b6406391e053
SSDEEP: 3072:C4icx7Es3kS0uAZBEFUFz+ntZSEKd/3Ms/:xBxp0pB7EkWIEI5
Static task: static1
Behavioral task: behavioral1
Sample: ed52818e88195020ab3b36904d0e9ada1b0658fd7287e9610289da44780e676a.exe
Resource: win7-20220812-en
Malware Config
Extracted
pony
http://blog.ritual.ca:8080/forum/viewtopic.php
http://dontgetcaught.ca:8080/forum/viewtopic.php
http://justcateringfoodservices.com:8080/forum/viewtopic.php
http://lumberlandnorth.com:8080/forum/viewtopic.php
payload_url
http://pipepetrol.com/iYqu.exe
http://labosphera.eu/pbvJ.exe
http://ftp.securerise.com/VwqHEn5m.exe
Targets
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.