General
-
Target
395624c14a6ff96aabeb2592e0ed87f5df8230f5d1f4e0512804d54184a1bac8
-
Size
109KB
-
Sample
221002-q3w8hshdd8
-
MD5
6fffddc480a15aba71710bd0d207b530
-
SHA1
bcf311c594f5c8be0ff923d775f008be135c12a1
-
SHA256
395624c14a6ff96aabeb2592e0ed87f5df8230f5d1f4e0512804d54184a1bac8
-
SHA512
08ed216bd8ce2b9d8743e8d6b87da112585dd8a9f7917477ce789f0003166e609f061a4a6c1d214775d61126eab3884644b9eae5c535e455468d88dbadcfa56b
-
SSDEEP
1536:YYpjNXMvI5KMpX0oCmxugvH2cPg1asxMn2LDGRgvXaMc7quljQnDDOs2a634FSt:rP5LU/gOcPeS2vjP27PMes2an
Static task
static1
Behavioral task
behavioral1
Sample
395624c14a6ff96aabeb2592e0ed87f5df8230f5d1f4e0512804d54184a1bac8.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
395624c14a6ff96aabeb2592e0ed87f5df8230f5d1f4e0512804d54184a1bac8.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://storeyourthings.net/ponyb/gate.php
http://drjoycethomasderm.com/ponyb/gate.php
http://ibounceinflatables.com/ponyb/gate.php
http://joycethomasdermathensga.com/ponyb/gate.php
-
payload_url
http://www.autogabicce.it/Ga7HLjZ.exe
http://ebaa.daa.jp/PePbz1e.exe
http://ftp.paradetrade.com/RkGndP.exe
http://eucert.com/7u5.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-