General
-
Target
f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec
-
Size
114KB
-
Sample
221120-hvnmeafc6z
-
MD5
5ffcfd97b9ec7376434768edb2914a69
-
SHA1
47aa9e31ee3d94aff9416fedadd39c895fd61ffa
-
SHA256
f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec
-
SHA512
b6915fdac708f4dd69e437b174afb0d78008c71f01abb2f51647fb813572f7a504425a930e3a72bcb2dd6066b7480f6fefeb553158124332e00f526229859fb7
-
SSDEEP
3072:oLg0wcuDOLBfD9T5O2c0PWVz+y/Z4F+X:IuDCZI2cAWDZ4o
Static task
static1
Behavioral task
behavioral1
Sample
f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://checkpointluggage.com/ponyb/gate.php
http://clotheswalla.com/ponyb/gate.php
http://consumerluggage.com/ponyb/gate.php
http://coolstowage.com/ponyb/gate.php
-
payload_url
http://ebaa.daa.jp/A8HFWqy.exe
http://www.ekko-snakker.de/n9m.exe
http://fanpageserver.info/PhFJ.exe
http://hakata-ekimae.biz/YyJYqg.exe
Targets
-
-
Target
f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-