General
- Target: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5
- Size: 128KB
- Sample: 221119-hkleasdd3t
- MD5: 54401043a4ec78d17634414a338b8210
- SHA1: 281371fc2575307c16652e69fead4ec270001ec1
- SHA256: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5
- SHA512: 0127cb96b60e369e077a7e5405748cb92cb90900fc9a5f66d3de47d4fdf40d9b4b63b0351fcbcc1f110240ac1c5be3b38a7969a43886ed34adef42019f56b010
- SSDEEP: 3072:xXa4Y9B9uf8Arg1v861VmsWyT4GEXskfByr2gj+DpJktAJo/D1:DgnmpyT4LXskfByr2tpStF
Static task: static1

Behavioral task: behavioral1
- Sample: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5.exe
- Resource: win10v2004-20221111-en
Malware Config

Extracted
- pony
  http://angels-mail.com:8080/ponys/gate.php
  http://mail.yaklasim.com:8080/ponys/gate.php
  http://palmspringsvacationhomerentals.com/ponys/gate.php
  http://palmspringsvacationrentalshomes.com/ponys/gate.php
- payload_url
  http://00002fl.rcomhost.com/DCW1grdF.exe
  http://appliedbearings.com/J4s3swS7.exe
  http://myshoppingbusiness.com/uzyf.exe
  http://agwfinanse.pl/Rup.exe
Targets
- Target: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5
- Size: 128KB
- MD5: 54401043a4ec78d17634414a338b8210
- SHA1: 281371fc2575307c16652e69fead4ec270001ec1
- SHA256: b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5
- SHA512: 0127cb96b60e369e077a7e5405748cb92cb90900fc9a5f66d3de47d4fdf40d9b4b63b0351fcbcc1f110240ac1c5be3b38a7969a43886ed34adef42019f56b010
- SSDEEP: 3072:xXa4Y9B9uf8Arg1v861VmsWyT4GEXskfByr2gj+DpJktAJo/D1:DgnmpyT4LXskfByr2tpStF
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.