General
Target: a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae
Size: 114KB
Sample: 221002-pwlyjafcf7
MD5: 71941755e050320bab739e14dcbb45a0
SHA1: 4b4aac83ad035a93d00bcabc2b3cb4c5eb204d55
SHA256: a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae
SHA512: a1fb60b1fbd2968416e2a0af714ed83442a36620d97f3e7cb6eab3614942ad840ea1458d6a17b5abf09d5b06b1f75ed9aaa5e487c85f00b197888b9c026ed35d
SSDEEP: 1536:W8y9sJEDdD+Xfy9Wyi8W9m1KiydIL/S0+ogH8YRPlaTTesOBmmTu6C:W8yzt+aMcW9m4ITeR8YRP6TrWg
Static task: static1
Behavioral task: behavioral1
  Sample: a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
pony
http://aandimedsolutions.info/ponyb/gate.php
http://aandimedsolutions.net/ponyb/gate.php
http://antarcticland-union.it/ponyb/gate.php
http://antarcticland-union.org/ponyb/gate.php
payload_url
http://aprilaire700.com/JAGsLTE.exe
http://ftp.ppp.at/MhCSKv.exe
http://bremer-haus.de/xPNtQ.exe
http://salsaconfuego.com/RCY.exe
Targets
Target: a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae (114KB; hashes as listed under General)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.