General
- Target: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd
- Size: 120KB
- Sample: 221119-tv5rgaeb9y
- MD5: 529c3ed944deaf4fed068f03d6115da0
- SHA1: 1e9375aaa74d76786c7f7ed7962618f8badc1f67
- SHA256: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd
- SHA512: 09c2e1697e4f92300d0dd6e2ba34a113341977368e9e030a401d860fe72cfdbc4e41b4646abf8357c7dc501325cc1fe7b8ca63986052f2e360ccc480c94f944c
- SSDEEP: 3072:ldVg58pO2L5xv2Uf1xKX6V/UjGka9SV5QsVtTyqzuDgA9ksOE:XV+8UqfNq6BFkV5nTyqzuDf9ksh
Static task
- static1

Behavioral task
- behavioral1
  Sample: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd.exe
  Resource: win7-20220812-en
- behavioral2
  Sample: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
- pony
  http://forum.xcpus.com:8080/ponys/gate.php
  http://buildmybarwebsite.com/ponys/gate.php
  http://continentalfuel.com/ponys/gate.php
  http://futurefuelofamerica.com/ponys/gate.php
- payload_url
  http://www.pc-dienst-beck.de/UWztwyXa.exe
  http://privatesavings.ca/CN9jpGK.exe
  http://spireportal.net/MYWJg.exe
  http://weimarenterprises.com/n4t43ZqX.exe
Targets
- Target: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd
  Size: 120KB
  MD5: 529c3ed944deaf4fed068f03d6115da0
  SHA1: 1e9375aaa74d76786c7f7ed7962618f8badc1f67
  SHA256: 06f157f9d38294965afef825079b4e1caa77322249b030a5481bd2e97e5257bd
  SHA512: 09c2e1697e4f92300d0dd6e2ba34a113341977368e9e030a401d860fe72cfdbc4e41b4646abf8357c7dc501325cc1fe7b8ca63986052f2e360ccc480c94f944c
  SSDEEP: 3072:ldVg58pO2L5xv2Uf1xKX6V/UjGka9SV5QsVtTyqzuDgA9ksOE:XV+8UqfNq6BFkV5nTyqzuDf9ksh
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.