General
-
Target
23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7
-
Size
112KB
-
Sample
221120-k7tejafd26
-
MD5
330faa02db5271eaca0b6c5b37ba5560
-
SHA1
4b42497d542a1e0f8c67d62b083f340dcca1f437
-
SHA256
23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7
-
SHA512
b9627784996c26b15123f4ed5d54e6a32d382d16c328e7cf7fc1db7fbe3d99f5f866b680ba65c9e34aa2da3a6844d01e9fd4166b9244bb8a48d71b585276ab1c
-
SSDEEP
1536:Iv9rQb8hoJD4AEJoHun1/6BIoVtNgWCCpJR6u/2+k3j+gU3LPETL4IaEV9zZBMo:UcECHun1illgIJc22+k3j+gU3oY
Static task
static1
Behavioral task
behavioral1
Sample
23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://abesgrillandbar.com/ponys/gate.php
http://abesgrille.com/ponys/gate.php
http://abesgrillnbar.com/ponys/gate.php
http://abesonthego.com/ponys/gate.php
-
payload_url
http://ftp.salesone.info/3hcm1Tgx.exe
http://www.busslovakia.sk/bx5.exe
http://53168069.de.strato-hosting.eu/KtL.exe
http://desertanglers.com/8WQWNX.exe
Targets
-
-
Target
23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-