General
- Target: f1bcaf59cf05afb3e87a2ccc20ff1f5fe09a1b299e51cc1241df18f335055846
- Size: 113KB
- Sample: 221002-nz4r3sdgd3
- MD5: 72030b10a16c2211a7822c65614960a0
- SHA1: 97291039869c30e73d68a42d6b11bb0675220686
- SHA256: f1bcaf59cf05afb3e87a2ccc20ff1f5fe09a1b299e51cc1241df18f335055846
- SHA512: 109b22e688ead7e8b7d7df1e1af6fd62d34c0929a49750dc0a7e2de84ef9fa542f4e71fea7c7b182a026cd29ff44c18bef6f7eeb6ea2476d3c4d34289ef86410
- SSDEEP: 1536:57lvoq6Mbyr8I6kYV3vR/oxvLTxGnhxNHOYUC4PDk61jAjuv2twUdlCbP6xGb1SE:5762/R1o0n8lPDk61SuuLyOIcEHOHE
Static task: static1
Behavioral task: behavioral1
- Sample: f1bcaf59cf05afb3e87a2ccc20ff1f5fe09a1b299e51cc1241df18f335055846.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: f1bcaf59cf05afb3e87a2ccc20ff1f5fe09a1b299e51cc1241df18f335055846.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
- http://e-babybooks.com/ponyz/gate.php
- http://forever-portraits.com/ponyz/gate.php
- http://itconsultantsdenver.com/ponyz/gate.php
- http://living-alive.net/ponyz/gate.php
payload_url
- http://ftp.lithotipiki.gr/6i7Kec.exe
- http://workingschool.dk/Ndq.exe
- http://www.sprinterviaggi.com/mWRvj.exe
Targets
- Target: f1bcaf59cf05afb3e87a2ccc20ff1f5fe09a1b299e51cc1241df18f335055846
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.