General
- Target: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd
- Size: 118KB
- Sample: 221002-nv23pafadk
- MD5: 6f08fa924bf77ce490a2f7e3f7b7f730
- SHA1: d29434a3e52a3172ab3a233e451696935348f323
- SHA256: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd
- SHA512: dacd0b40f92ea64982dfa88bd3d268e6d3bb9e95c9c9cb6c0fee2579dbe4a8190e77fecbe1ad2072d5258fd9876a35829ab13d26c248d00bc89e5fc3a7f84f66
- SSDEEP: 3072:VU9MH3mbKriHvkMzYJx9hm63ARrVwGf0zE2Ua:a9sAKri5YH9hm7DwGf0zE2z
Static task
- static1

Behavioral task
- behavioral1
  - Sample: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- pony
  - http://supportquilting.com/ponyz/gate.php
  - http://eaglebay-eb5.com/ponyz/gate.php
  - http://eaglebay5.com/ponyz/gate.php
  - http://wcaband.org/ponyz/gate.php
- payload_url
  - http://ftp.lithotipiki.gr/6i7Kec.exe
  - http://workingschool.dk/Ndq.exe
  - http://ray.tc/83s.exe
Targets
- Target: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd
- Size: 118KB
- MD5: 6f08fa924bf77ce490a2f7e3f7b7f730
- SHA1: d29434a3e52a3172ab3a233e451696935348f323
- SHA256: fb76e28d6472dfdac84fbcf7c5b2f0a7666c477dc06a11aa876b2a2820be9ebd
- SHA512: dacd0b40f92ea64982dfa88bd3d268e6d3bb9e95c9c9cb6c0fee2579dbe4a8190e77fecbe1ad2072d5258fd9876a35829ab13d26c248d00bc89e5fc3a7f84f66
- SSDEEP: 3072:VU9MH3mbKriHvkMzYJx9hm63ARrVwGf0zE2Ua:a9sAKri5YH9hm7DwGf0zE2z

Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.