General
Target: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135
Size: 114KB
Sample: 221119-g14edagd97
MD5: 1f0e7fc2f3c6da762aaff8ce320bc53f
SHA1: 07dac644de588a265856f89aa3926191886dbd75
SHA256: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135
SHA512: 4a6b39cbe1f2b2e0d0298f0a4714b1677032d1a6e200078cd867475c5ee9f11085d2b2888a88aced3f154268bc982e7d6545274b8bbb0c5e180604195f62ad13
SSDEEP: 1536:HvRl+Um9yBTwZX2jKZOoAyunJu5DlAferreUpJwC3LNalPTM3QkvF4XmY:Hv7WyB8YjKZT/IJallrkC3LgpMgkvFI
Static task: static1
Behavioral task: behavioral1
Sample: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: pony
C2:
http://rockims.com/forum/viewtopic.php
http://saltlakecityutahcommercialrealestate.com/forum/viewtopic.php
http://utahbankownedhomesonline.info/forum/viewtopic.php
http://utahonlinerealestate.com/forum/viewtopic.php
payload_url:
http://204.12.101.9/GDN.exe
http://208.112.125.250/nBZVKfVs.exe
http://support.paladin-ent.com/pU7Ze.exe
http://servernas.com.au/TzHGU.exe
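Pony is a credential stealer, so the C2 list above is where harvested credentials are posted and the payload_url list is where it fetches follow-on binaries. The first thing a responder does with an extracted config like this is turn it into matchable indicators. The block below is an added example, not code from the report or from the sandbox vendor: it keys each indicator on host plus path (the four C2 URLs all share the path /forum/viewtopic.php, which also exists on every phpBB forum, so matching on path alone would be noisy), defangs matches for reporting, and runs over a few constructed proxy log lines (timestamp, client, method, URL, status). The log lines and the squid-like field layout are assumptions.

```python
"""Turn the Pony config extracted above into IOCs and match them against
proxy log lines. Added example; the log lines are constructed, not from
the sandbox report."""
from urllib.parse import urlsplit

# URLs exactly as listed in the extracted config on this page.
C2_URLS = [
    "http://rockims.com/forum/viewtopic.php",
    "http://saltlakecityutahcommercialrealestate.com/forum/viewtopic.php",
    "http://utahbankownedhomesonline.info/forum/viewtopic.php",
    "http://utahonlinerealestate.com/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://204.12.101.9/GDN.exe",
    "http://208.112.125.250/nBZVKfVs.exe",
    "http://support.paladin-ent.com/pU7Ze.exe",
    "http://servernas.com.au/TzHGU.exe",
]


def build_iocs(c2_urls, payload_urls):
    """Return {(host, path): label} so a hit requires host AND path."""
    iocs = {}
    for label, urls in (("pony_c2", c2_urls), ("pony_payload", payload_urls)):
        for u in urls:
            parts = urlsplit(u)
            iocs[(parts.hostname.lower(), parts.path)] = label
    return iocs


def defang(url):
    """Render a URL so it cannot be clicked: hxxp:// and [.] in the host."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    return f"{parts.scheme.replace('http', 'hxxp')}://{host}{parts.path}"


# Constructed proxy log lines (assumed layout: ts client method url status).
SAMPLE_LOG = """\
1668900001 10.0.0.12 POST http://rockims.com/forum/viewtopic.php 200
1668900002 10.0.0.12 GET http://204.12.101.9/GDN.exe 200
1668900003 10.0.0.33 GET http://example.org/forum/viewtopic.php?t=7 200
1668900004 10.0.0.12 GET http://servernas.com.au/index.html 404
1668900005 10.0.0.45 POST http://UTAHONLINEREALESTATE.COM/forum/viewtopic.php 200
"""


def scan_log(log_text, iocs):
    """Return (client, label, defanged_url) for every line that hits an IOC.

    The query string is ignored on purpose: Pony's gateway path is fixed,
    but the host is what separates it from a legitimate phpBB forum.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash the sweep
        _ts, client, _method, url, _status = fields[:5]
        parts = urlsplit(url)
        if parts.hostname is None:
            continue
        label = iocs.get((parts.hostname.lower(), parts.path))
        if label:
            hits.append((client, label, defang(url)))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, build_iocs(C2_URLS, PAYLOAD_URLS)):
        print(*hit)
```

In the constructed log the example.org line (same path, different host) and the servernas.com.au line (same host, different path) are deliberately left unmatched. For the two bare-IP payload hosts a host-only block is reasonable; for shared hosting such as servernas.com.au, matching the full path avoids blocking a site that may simply have been compromised.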
Targets
Target: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135
Size: 114KB
MD5: 1f0e7fc2f3c6da762aaff8ce320bc53f
SHA1: 07dac644de588a265856f89aa3926191886dbd75
SHA256: e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135
SHA512: 4a6b39cbe1f2b2e0d0298f0a4714b1677032d1a6e200078cd867475c5ee9f11085d2b2888a88aced3f154268bc982e7d6545274b8bbb0c5e180604195f62ad13
SSDEEP: 1536:HvRl+Um9yBTwZX2jKZOoAyunJu5DlAferreUpJwC3LNalPTM3QkvF4XmY:Hv7WyB8YjKZT/IJallrkC3LgpMgkvFI
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
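The two registry behaviours in the signature list above, Outlook profile access and Uninstall key enumeration, are worth detecting on endpoints as well as in the sandbox. The block below is an added example, not code from the report or from the sandbox vendor. It takes registry read events as an EDR or Procmon export would present them (pid, image, key), flags any non-Outlook process reading under the Outlook profile keys, and flags a process that reads a number of distinct product subkeys under Uninstall. The key paths used as rules, the threshold, and the sample events are all assumptions; the report does not give them.

```python
"""Detect the registry behaviours named in the sandbox signatures:
Uninstall key enumeration and Outlook profile access. Added example;
events are constructed and rule paths are assumed."""
from collections import defaultdict

# Assumed locations. Prefixes have no trailing backslash (a raw string
# cannot end in one); the separator is added when matching.
UNINSTALL_PREFIXES = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
OUTLOOK_PROFILE_PREFIXES = (  # classic MAPI profiles and Office 2013+/2016+
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles",
    r"HKCU\Software\Microsoft\Office\15.0\Outlook\Profiles",
    r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles",
)
OUTLOOK_PROCESSES = {"outlook.exe"}  # the expected reader of its own profiles


def _norm(key):
    """Collapse long hive names so both export styles match the rules."""
    return key.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")


def uninstall_subkey(key):
    """Return the product subkey name read under Uninstall, else None."""
    k = _norm(key)
    for p in UNINSTALL_PREFIXES:
        if k.lower().startswith(p.lower() + "\\"):
            return k[len(p) + 1:].split("\\", 1)[0]
    return None


def is_outlook_profile_key(key):
    k = _norm(key).lower()
    return any(k.startswith(p.lower() + "\\") for p in OUTLOOK_PROFILE_PREFIXES)


def detect(events, min_products=5):
    """events: iterable of dicts with pid, image, key (registry reads).

    Returns a list of (rule, pid, image). Uninstall reads are counted per
    process as distinct product subkeys, so a single lookup by explorer or
    an installer stays below the threshold while an inventory sweep trips it.
    """
    products = defaultdict(set)
    images = {}
    findings = []
    outlook_flagged = set()
    for ev in events:
        pid, image, key = ev["pid"], ev["image"].lower(), ev["key"]
        images[pid] = image
        sub = uninstall_subkey(key)
        if sub is not None:
            products[pid].add(sub.lower())
        elif (is_outlook_profile_key(key)
              and image.rsplit("\\", 1)[-1] not in OUTLOOK_PROCESSES
              and pid not in outlook_flagged):
            outlook_flagged.add(pid)
            findings.append(("outlook_profile_access", pid, image))
    for pid, subs in products.items():
        if len(subs) >= min_products:
            findings.append(("uninstall_enumeration", pid, images[pid]))
    return findings


# Constructed events: a sample in %TEMP% sweeping Uninstall and touching the
# MAPI profile, Outlook itself reading its profile, explorer doing one lookup.
_SAMPLE = r"C:\Users\bob\AppData\Local\Temp\sample.exe"
_UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": _SAMPLE, "key": _UNINST + "\\" + name}
    for name in ("7-Zip", "Google Chrome", "Notepad++", "VLC media player",
                 "Mozilla Firefox", "Microsoft Edge")
] + [
    {"pid": 4120, "image": _SAMPLE,
     "key": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00000001"},
    {"pid": 2208, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\00000001"},
    {"pid": 1580, "image": r"C:\Windows\explorer.exe",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

Sysmon does not record registry reads (its registry events cover key create/delete, value set and rename), so this logic needs a source that does, such as EDR telemetry or Procmon in a sandbox. Software inventory agents and patch scanners will legitimately enumerate Uninstall and should be allow-listed by image path rather than by raising the threshold.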