General
Target: 44c02f725b52ba55ff6f8cc9a248e866d366dd3f31a84b693fc7ffcbe81b9386
Size: 126KB
Sample: 221003-cpkexabhe3
MD5: 56cacf786e8a6b482fd10b697ba17830
SHA1: bf6a6a6602ddac657063de147f7c994e92583df8
SHA256: 44c02f725b52ba55ff6f8cc9a248e866d366dd3f31a84b693fc7ffcbe81b9386
SHA512: ef9fcd0b7ec27ce12d46586018d410bd520bd4a9693aa487e7db5ba0b7d6f16393b0610a5f99a45d1d15688648d210086ab80dd6321c9778358624fe34d7b2d2
SSDEEP: 1536:gSPI2BsZ3+W5mGmOS+57QGo5hKRrpBdzYbIiGGEPhT6ldeiZUVmbg82gRcqZ529:goC5S+VQG2K3iGil0ekqsscM529
Static task: static1
Behavioral task: behavioral1
  Sample: 44c02f725b52ba55ff6f8cc9a248e866d366dd3f31a84b693fc7ffcbe81b9386.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 44c02f725b52ba55ff6f8cc9a248e866d366dd3f31a84b693fc7ffcbe81b9386.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted family: pony
C2 gate URLs:
- http://mail.yaklasim.com:8080/ponyz/gate.php
- http://grupoent.com/ponyz/gate.php
- http://enteratecalifornia.com/ponyz/gate.php
- http://ignaciomoreno.com/ponyz/gate.php
payload_url:
- http://backup.hellaswebnews.com/xLa8dhx.exe
- http://www.friesenjungs.com/HtRZUsG.exe
- http://jollys.co.uk/wUdPGq13.exe
Targets
Target: 44c02f725b52ba55ff6f8cc9a248e866d366dd3f31a84b693fc7ffcbe81b9386 (126KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as listed under General)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.