General
Target: cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0
Size: 134KB
Sample: 221119-ha37csgh62
MD5: 52a3b48bb3dffdf5ee359c2d274393e0
SHA1: 6265834250b17881eac4583dbaff63ad75827702
SHA256: cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0
SHA512: 271c47cc35430abadf3b920161b622986a5800c6b2ae8ecbcf5df4f9f8fa25cf893779138aa7d5118bb52d32e52a17aeb25ed3f9c8b71dfa7c5360b82a497b39
SSDEEP: 3072:Z5Nr7WXryG4k79fci49+zSSWJlRPFFMQ+GaW+9RY/4:vNXZMxcbEcPLMwt
Static task: static1
Behavioral task: behavioral1, sample cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0.exe, resource win7-20220812-en
Behavioral task: behavioral2, sample cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0.exe, resource win10v2004-20221111-en
Malware Config
Extracted family: pony
C2 gate URLs (the Pony stealer reports harvested credentials to gate.php; note that two gates listen on a non-standard port 8080):
  http://116.122.158.195:8080/ponyf/gate.php
  http://mail.yaklasim.com:8080/ponyf/gate.php
  http://customer-smart-now.com/ponyf/gate.php
  http://customer-smart-now.net/ponyf/gate.php
Payload URLs (second-stage executables the sample is configured to download):
  http://crenail.de/9SvYM.exe
  http://eclay.netwiz.net/hgXV.exe
  http://markus-schmidt-online.net/rrh2n.exe
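The extracted configuration is the actionable part of this report. The following is an added example (not part of the sandbox report and not Pony's own code): it turns the C2 gate and payload URLs above into full-URL indicators (host, port, path) and runs them over a few constructed proxy log lines. It matches the whole URL rather than the bare hostname, because the C2 gates on port 8080 and the payload hosts may share a hostname with legitimate traffic, and it additionally flags the characteristic /ponyf/gate.php path on a host that is not in the list. The log format (timestamp, client IP, method, URL, status) and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the "Malware Config / Extracted" block of this report.
PONY_C2_GATES = [
    "http://116.122.158.195:8080/ponyf/gate.php",
    "http://mail.yaklasim.com:8080/ponyf/gate.php",
    "http://customer-smart-now.com/ponyf/gate.php",
    "http://customer-smart-now.net/ponyf/gate.php",
]
PONY_PAYLOAD_URLS = [
    "http://crenail.de/9SvYM.exe",
    "http://eclay.netwiz.net/hgXV.exe",
    "http://markus-schmidt-online.net/rrh2n.exe",
]

# The gate path is the same on every C2 in this config; treat it as an
# indicator on its own so a gate on an unlisted host is still surfaced.
PONY_GATE_PATH = "/ponyf/gate.php"


def normalize(url):
    """Reduce a URL to (host, port, path); the port defaults per scheme."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.hostname.lower(), port, p.path


def build_indicators():
    """Map each (host, port, path) from the config to its role."""
    indicators = {}
    for url in PONY_C2_GATES:
        indicators[normalize(url)] = "c2_gate"
    for url in PONY_PAYLOAD_URLS:
        indicators[normalize(url)] = "payload"
    return indicators


# Constructed proxy log lines (assumed format: ts client method url status).
# Line 5 shares a hostname with a C2 gate but not its port or path, so it is
# deliberately not a match; line 4 hits only on the gate path.
SAMPLE_PROXY_LOG = [
    "2022-11-19T08:01:02Z 10.0.0.5 GET http://crenail.de/9SvYM.exe 200",
    "2022-11-19T08:01:07Z 10.0.0.5 POST http://116.122.158.195:8080/ponyf/gate.php 200",
    "2022-11-19T08:01:09Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2022-11-19T08:02:15Z 10.0.0.9 POST http://203.0.113.4/ponyf/gate.php 404",
    "2022-11-19T08:02:20Z 10.0.0.5 GET http://mail.yaklasim.com/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines, indicators):
    """Return (client, method, url, role) for every line matching an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real pipeline would count these
        key = normalize(m["url"])
        role = indicators.get(key)
        if role is None and key[2] == PONY_GATE_PATH:
            role = "c2_gate_path_only"
        if role is not None:
            hits.append((m["client"], m["method"], m["url"], role))
    return hits


if __name__ == "__main__":
    for client, method, url, role in scan_proxy_log(SAMPLE_PROXY_LOG, build_indicators()):
        print(f"{role:18} {client:10} {method:5} {url}")
```

A client that first fetches a payload URL and then POSTs to a gate, as 10.0.0.5 does in the constructed log, is the sequence to prioritise: the POST is the credential upload. Block on the full URL and port rather than the apex domain, since payload hosts in configs like this are often otherwise ordinary web servers; this report does not say anything about the ownership of these particular hosts.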
Targets
Target: cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.