General
Target: fe71d57b7f6ab838a1c790f5c127ef706113b116844221e432bf744f6d5e5c28
Size: 2.4MB
Sample: 230627-a56lzade3x
MD5: a171ff1bab9c4958907ac0e2155c32e7
SHA1: 88ca042f0143b790e405a084b702b460d2eb35d7
SHA256: fe71d57b7f6ab838a1c790f5c127ef706113b116844221e432bf744f6d5e5c28
SHA512: 99f0bc859a0b91499483b3eff84177e9a4226a55eaa84cbe3e9a91c4c7689e891cbea85ff6d24c7009d1ad7ace685a308c6eef9e7845efc87c720755dc6b1e85
SSDEEP: 24576:F2OTeFxvKLuoucZybHXMDg2cQV09aoz25OVn3GuQ5Y3h3js9son8crZwGdeNMzpV:bTux6ZT0sozGK3Ns9s9gZNoNm7
Static task: static1
Behavioral task: behavioral1
Sample: fe71d57b7f6ab838a1c790f5c127ef706113b116844221e432bf744f6d5e5c28.exe
Resource: win7-20230621-en
Malware Config
Extracted family: pony
C2 gate URLs (the gate.php endpoint Pony posts its stolen credentials to):
http://66.175.218.242/pony/gate.php
http://209.59.218.25/pony/gate.php
payload_url (next-stage executables the sample is configured to download and run):
http://metearici.com.tr/e7S8kmm.exe
http://dermografite.com.br/CUiE5VBZ.exe
http://www.grupomaisativa.com.br/4XZePz.exe
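The gate and payload URLs above are the only network indicators this report carries. Both C2 gates are bare IP addresses, so DNS-based blocking or sinkholing will never see them; the check has to run against proxy or flow data. The following Python is an added example, not part of the sandbox report and not tooling from the Pony authors or the sandbox vendor. It sweeps proxy log lines for the extracted indicators, treating an exact URL match as high confidence and a request to the same host with a different path as medium confidence. The five-field log format and the log lines themselves are constructed for the example.

```python
"""Sweep web-proxy log lines for the network IOCs in the Pony config above.

Added example for this report; not tooling from the sandbox vendor or
from the Pony authors. The log format and the log lines are constructed.
"""
from urllib.parse import urlsplit

# Network indicators copied verbatim from the extracted config above.
C2_GATES = {
    "http://66.175.218.242/pony/gate.php",
    "http://209.59.218.25/pony/gate.php",
}
PAYLOAD_URLS = {
    "http://metearici.com.tr/e7S8kmm.exe",
    "http://dermografite.com.br/CUiE5VBZ.exe",
    "http://www.grupomaisativa.com.br/4XZePz.exe",
}
IOC_URLS = {**{u: "c2_gate" for u in C2_GATES},
            **{u: "payload_url" for u in PAYLOAD_URLS}}
# Host-level index: the same server with a different path is still worth a look.
IOC_HOSTS = {urlsplit(u).hostname: kind for u, kind in IOC_URLS.items()}


def canonical_url(url):
    """Lower-case the host and drop the port, query and fragment.

    Returns None for anything that is not an absolute http(s) URL.
    """
    p = urlsplit(url.strip())
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    # urlsplit().hostname is already lower-cased and has the port removed.
    return f"{p.scheme}://{p.hostname}{p.path or '/'}"


def classify(url):
    """Return (indicator kind, confidence) for a URL, or None if no match.

    An exact URL match is high confidence. A request to an IOC host with a
    different path is medium: operators rotate paths and a compromised
    host may also serve legitimate content.
    """
    canon = canonical_url(url)
    if canon is None:
        return None
    if canon in IOC_URLS:
        return IOC_URLS[canon], "high"
    host = urlsplit(canon).hostname
    if host in IOC_HOSTS:
        return IOC_HOSTS[host], "medium"
    return None


def sweep(log_text):
    """Parse constructed '<epoch> <src_ip> <method> <url> <status>' lines.

    Returns one dict per matching line. A POST to a gate URL is Pony
    reporting in; a GET of a payload_url is the next-stage download.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # truncated or malformed line: skip rather than guess
        _ts, src, method, url, status = fields[:5]
        verdict = classify(url)
        if verdict is None:
            continue
        kind, confidence = verdict
        hits.append({"line": lineno, "src": src, "method": method,
                     "status": status, "url": url, "kind": kind,
                     "confidence": confidence})
    return hits


# Constructed sample log: not real traffic, only the shapes an analyst would see.
SAMPLE_PROXY_LOG = """\
1687840801 10.0.0.12 GET http://www.example.com/index.html 200
1687840805 10.0.0.12 GET http://metearici.com.tr/e7S8kmm.exe 200
1687840809 10.0.0.12 POST http://66.175.218.242:80/pony/gate.php 200
1687840812 10.0.0.12 GET http://dermografite.com.br/favicon.ico 404
1687840820 10.0.0.33 GET http://209.59.218.25/other/path.php 200
"""

if __name__ == "__main__":
    for h in sweep(SAMPLE_PROXY_LOG):
        print(f"line {h['line']}: {h['src']} {h['method']} {h['url']} "
              f"-> {h['kind']} ({h['confidence']})")
```

On the constructed log this flags lines 2 through 5 and leaves line 1 alone; the explicit `:80` on line 3 is normalised away so the gate URL still matches exactly. A high-confidence hit on a gate URL from a host means credentials have already left that host, so the response is password rotation for anything stored on it, not just reimaging.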
Targets
Target: fe71d57b7f6ab838a1c790f5c127ef706113b116844221e432bf744f6d5e5c28 (same file as under General above; size and hashes unchanged)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host. This is visible in the sandbox API trace only; registry reads of this kind are not recorded by Sysmon, which logs key creation, deletion, renames and value writes, not queries.