General
Target: 50f56f7ff1fe27d3b3dcff554ad49e9982d93148ece503a2e04807ff9b43f92b
Size: 115KB
Sample: 221002-qs6n7sghd9
MD5: 665a2fd3dcd164632de7247302b6db00
SHA1: 5eecd7cf7db91a8f52108df9e4d049981a7186d6
SHA256: 50f56f7ff1fe27d3b3dcff554ad49e9982d93148ece503a2e04807ff9b43f92b
SHA512: d61bded6e5685562c09b402229da6fea2621743c5505cc823c4bc58b663f8c37ddcfe49a372541e962e051aac2767eae1e2dde4dbaaf4a0f1e12e925eb765183
SSDEEP: 3072:d2JcwRXY8oT47QzZReYzxFyO4TSD1cU4:TeI95z/eYz0TSpU
Static task: static1
Behavioral task: behavioral1
- Sample: 50f56f7ff1fe27d3b3dcff554ad49e9982d93148ece503a2e04807ff9b43f92b.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 50f56f7ff1fe27d3b3dcff554ad49e9982d93148ece503a2e04807ff9b43f92b.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: pony
C2 (gate) URLs:
- http://trippling.com/ponys/gate.php
- http://beachfrontconcierge.com/ponys/gate.php
- http://dinneraffairs.com/ponys/gate.php
- http://douglasvillestorage.com/ponys/gate.php
payload_url:
- http://www.akaneuchida.com/iXLNgi2.exe
- http://proeller-shop.homepage.t-online.de/btz.exe
- http://dapingluo.com/QfvbZyn.exe
- http://weimarenterprises.com/n4t43ZqX.exe
Targets
Target: 50f56f7ff1fe27d3b3dcff554ad49e9982d93148ece503a2e04807ff9b43f92b (the same 115KB file described under General; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed there)
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.