General
- Target: 9de21dc66fd8233e46c202b039dbb40e5bdd7c105dc01f9b5f42543e2867003c
- Size: 115KB
- Sample: 221120-jwbvnsde25
- MD5: 03013a2e760250bfd1d55f37a37c28f0
- SHA1: b3bae204bf1a776e08efe9947f3c51d640238150
- SHA256: 9de21dc66fd8233e46c202b039dbb40e5bdd7c105dc01f9b5f42543e2867003c
- SHA512: f1f782bf1b9f24f9441528de59bc467b156b91f2ed9a1aa76310f319e115e7599aa5662dfdeefbe4db649750894c7faadb96251db0dfd16222288ba1c4985504
- SSDEEP: 3072:YFqTdF/7QF5y72babc0SVmNt52weBC6BqCnZO:YOu5ysocOtWBq0w
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9de21dc66fd8233e46c202b039dbb40e5bdd7c105dc01f9b5f42543e2867003c.exe
- Resource: win7-20220901-en
Behavioral task
- behavioral2
- Sample: 9de21dc66fd8233e46c202b039dbb40e5bdd7c105dc01f9b5f42543e2867003c.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: pony
- C2 gate URLs:
- http://easymapbuilder.com/ponys/gate.php
- http://findmynewhouse.co.uk/ponys/gate.php
- http://findmynewschool.com/ponys/gate.php
- http://trippling.com/ponys/gate.php
- payload_url:
- http://www.akaneuchida.com/iXLNgi2.exe
- http://proeller-shop.homepage.t-online.de/btz.exe
- http://dapingluo.com/QfvbZyn.exe
- http://weimarenterprises.com/n4t43ZqX.exe
Targets
- Target: 9de21dc66fd8233e46c202b039dbb40e5bdd7c105dc01f9b5f42543e2867003c
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.