General
-
Target
6ec7a74a5657390b63215d91b5c8d7231c4cf8b05ac63e34aa2c904165c6d4f9
-
Size
137KB
-
Sample
221003-bg9t6abegr
-
MD5
49a205520e83c463d78bcb52ca32f370
-
SHA1
9cfb12caf2183425ff133e9a02b91afb40100822
-
SHA256
6ec7a74a5657390b63215d91b5c8d7231c4cf8b05ac63e34aa2c904165c6d4f9
-
SHA512
edda8d7fa1b8ce8e29a014512b3fb1a0c67556af21caf9b1cdc0b3aacbd466d5cba7ce07462ffa6d15ffd848dd4981fa6e4a63363a53ee5f4084398228da9664
-
SSDEEP
3072:C8WD3sV08yGHWqSVlLQXlxJxYyFo69L6NMu3HVkukeKx:SqIlLkHJOR69Nu3HmukeKx
Static task
static1
Behavioral task
behavioral1
Sample
6ec7a74a5657390b63215d91b5c8d7231c4cf8b05ac63e34aa2c904165c6d4f9.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6ec7a74a5657390b63215d91b5c8d7231c4cf8b05ac63e34aa2c904165c6d4f9.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://ripnhuipn.ru/ppp/gate.php
-
payload_url
http://dave.www.ontera.net/Pnu7U1j.exe
http://prccusa.com/Xb8agZ.exe
http://207.204.5.170/FrcA9vg.exe
Targets
-
-
Target
6ec7a74a5657390b63215d91b5c8d7231c4cf8b05ac63e34aa2c904165c6d4f9
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-