General
Target: d7cfb08249fbeb6f4943b6b94919d39b
Size: 161KB
Sample: 240320-ed2wxsgf31
MD5: d7cfb08249fbeb6f4943b6b94919d39b
SHA1: 8ceae95286062f372d3da2a66146477cae7a582f
SHA256: 1c3371f96ce677d88cc9ad8ef8960491c3b9b643117e4d2d435bc7bf9d21154a
SHA512: 84bee13536eed154a9f3bb61867c762c6ce887fab460d650591cc3306d2decb73d6b500c233b4f5c11d1a408a5274726c67132e5f987cdfac378fe00ea7da6a8
SSDEEP: 3072:gT01H52EkRm9zLydRtlWf9y+VmzuSBRas:q0YOyOguE
Static task: static1
Behavioral task: behavioral1
Sample: d7cfb08249fbeb6f4943b6b94919d39b.exe
Resource: win7-20240221-en
Malware Config
Extracted
pony
http://173.203.237.163:81/pony/gate.php
http://66.175.216.128/pony/gate.php
-
payload_url
http://nuolaidos.lsas.lt/0HyztY.exe
http://waltermusa.com/Cq8HsR7t.exe
Targets
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-