General
-
Target
57d9f2df623008c966baa1bc27dd99d9b895b7b1b6d53ff882d73045a12145f4
-
Size
134KB
-
Sample
221003-bl5e8sacb2
-
MD5
73dd7a13f1a82ca7262a2f3c38498b50
-
SHA1
9b42e11d30bdcada4f38f51b976aeda45004079b
-
SHA256
57d9f2df623008c966baa1bc27dd99d9b895b7b1b6d53ff882d73045a12145f4
-
SHA512
ea888337b00e4866d2bf7c61350dcca8084427c5bfe8ad7521ae59c90b416fa9c69ec0de25a55151d4199169220d17d19f133725c2b4be575451c35b755f945b
-
SSDEEP
3072:CZD9IdkJO9jYfm9nM1RnOC6u/wESBf6fY2xv9:QEF9v68KsBf6g2xv
Static task
static1
Behavioral task
behavioral1
Sample
57d9f2df623008c966baa1bc27dd99d9b895b7b1b6d53ff882d73045a12145f4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
57d9f2df623008c966baa1bc27dd99d9b895b7b1b6d53ff882d73045a12145f4.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/ponyb/gate.php
http://reubenpacheco.com/ponyb/gate.php
http://reubenpacheco.tv/ponyb/gate.php
http://sherman-oaks-condos-for-sale.com/ponyb/gate.php
-
payload_url
http://dp26022227.lolipop.jp/7ynx4.exe
http://zetaliterature.com/3oSZrb.exe
http://ihlwholesale.com/a0Ry9FoQ.exe
http://affordablebestcatering.com/RhpVB.exe
Targets
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-