General
-
Target
ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49
-
Size
134KB
-
Sample
221119-gxaynagc53
-
MD5
44010795b72aa4191ad1125989df6b34
-
SHA1
f60092d29ff893ff7b4e795ac4ad43a57e8601d3
-
SHA256
ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49
-
SHA512
a790b18a8024a6e3471138bbf58ffc25b79dc1d7e70aa92eb129616e69ae8a4d34807000c9690eeef1cca3dcba55a2c3d5c3ebf302d8e6fa356dfffcff490483
-
SSDEEP
3072:3ZZ3rS8LrzDFLIx/HW8pppQqHKsr9WIWbYm:zS8LrzDFk9tppPHKsr9XW8
Static task
static1
Behavioral task
behavioral1
Sample
ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://116.122.158.195:8080/ponys/gate.php
http://10healthynails.com/ponys/gate.php
http://advprintgraphics.com/ponys/gate.php
http://alabamaelectricalservice.net/ponys/gate.php
-
payload_url
http://worldcompass.info/GtX8kntz.exe
http://02c7bdc.netsolhost.com/bfMXS.exe
http://www.mariassunta.it/S7tZpa.exe
http://207.204.5.170/D58t2VN.exe
Targets
-
Target
ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-