General
- Target: 12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c
- Size: 114KB
- Sample: 221120-lds3caba2z
- MD5: 3f8f8d7ff45bb415f8913a80d75e2e00
- SHA1: bcea4dab6073bf0c2232533fd1a0d32585df6e92
- SHA256: 12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c
- SHA512: 667ceab560e30e58d1291f9d5efc40cb65a90e63336ddd9c2b2a69c823c34c280f46add633809eb00885e25d9557a4255a21419862a2dd5b77006aa0d58c97f2
- SSDEEP: 3072:kbwIoHNaBXSlmOA8YVAbFXkgSM5WryAmg5dzEL:kEIgeioR8qUXbIJEL
Static task: static1
Behavioral task: behavioral1
- Sample: 12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: pony
- http://199.168.184.198:81/ponys/gate.php
- http://116.122.158.195:8080/ponys/gate.php
- http://maine-munchies.com/ponys/gate.php
- http://thecaviarofmaine.com/ponys/gate.php
payload_url:
- http://bartenderreview.com/cCyZ.exe
- http://www.pc-dienst-beck.de/8DM3o3pG.exe
- http://privatesavings.ca/xbDQUEFi.exe
- http://spireportal.net/Q19pE.exe
Targets
- Target: 12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.