General
Target: d6709e1925b176764014cfb93504d0e33073caaf08d62c58a97ef369049853ee
Size: 118KB
Sample: 221002-pbgs3seda4
MD5: 6f3bd8758460539dac5c7fb9e4b8fc00
SHA1: 9eaf273d064d482d58dd5af6bab7b757e09cd390
SHA256: d6709e1925b176764014cfb93504d0e33073caaf08d62c58a97ef369049853ee
SHA512: dc4b90e7ce8b88e2f207990b82e79a6c2405cdd6e2dbd9d95fc173626510e198ab5544d3dfcdb288768df4c97f426b3bc3f2c0ab5488fee931b81a52033ac68c
SSDEEP: 3072:924T4vvchF8PEviv60ORvzGu+LxEBaUry1z8pdV4mA67YlfU5:UDWFZiCutQpW6cls5
Static task: static1
Behavioral task: behavioral1
  Sample: d6709e1925b176764014cfb93504d0e33073caaf08d62c58a97ef369049853ee.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d6709e1925b176764014cfb93504d0e33073caaf08d62c58a97ef369049853ee.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
pony
http://tmginsurance.org/ponyz/gate.php
http://supportquilting.com/ponyz/gate.php
http://eaglebay-eb5.com/ponyz/gate.php
http://eaglebay5.com/ponyz/gate.php
payload_url
http://ftp.lithotipiki.gr/6i7Kec.exe
http://workingschool.dk/Ndq.exe
http://ray.tc/83s.exe
Targets
Target: d6709e1925b176764014cfb93504d0e33073caaf08d62c58a97ef369049853ee
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.