General
Target: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947
Size: 117KB
Sample: 221001-2dmhkabchl
MD5: 7986fa17cbc62609376520f6a45158ae
SHA1: 76dfe0bff8635e046dc3926b9007fc9625d35f32
SHA256: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947
SHA512: 6cedb99d1c6d31d4da56818f8314c99615ddf70b44ee02f2c59c177c17e479caef369f5d573e99555963a01525a4a2bb8a89f5144461b5632447543285bc66bc
SSDEEP: 3072:Fso2BWNA0x8UPhhEN1SoZukJZzcsnfAQhiLyobQ0M:Fs1BWNLJhEGoBJ9csnIQhEc
Static task: static1
Behavioral task: behavioral1
  Sample: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
  http://promedspecialties.com/ponys/gate.php
  http://agrimulch.com/ponys/gate.php
  http://biomulch.co.uk/ponys/gate.php
  http://challengertargets.com/ponys/gate.php
payload_url:
  http://www.pc-dienst-beck.de/8DM3o3pG.exe
  http://privatesavings.ca/xbDQUEFi.exe
  http://spireportal.net/Q19pE.exe
  http://weimarenterprises.com/k6RGo3R6.exe
Targets
Target: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947
Size: 117KB
MD5: 7986fa17cbc62609376520f6a45158ae
SHA1: 76dfe0bff8635e046dc3926b9007fc9625d35f32
SHA256: 972923834e449ce5393ffc8fdfa0f10bd3bf718b5b17bc3bff016c6560af5947
SHA512: 6cedb99d1c6d31d4da56818f8314c99615ddf70b44ee02f2c59c177c17e479caef369f5d573e99555963a01525a4a2bb8a89f5144461b5632447543285bc66bc
SSDEEP: 3072:Fso2BWNA0x8UPhhEN1SoZukJZzcsnfAQhiLyobQ0M:Fs1BWNLJhEGoBJ9csnIQhEc
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.