General
- Target: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428
- Size: 119KB
- Sample: 221127-rxfh9ahg4x
- MD5: 48af670c20e7338bbd07c0504f2bff80
- SHA1: 906b3844873231914829c8a86292ade1c02931bf
- SHA256: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428
- SHA512: 49968456c3a32db1e2700d4e6e49462324a7d95b15a79cb26769f8ffc335dacfbe03f705f63183fe631f7a8e57e63ca2fabf216d8c39e4864736df17db4dc064
- SSDEEP: 3072:kOtH92Hkt6olX5V+NhKkMWjre4mewjb7viqTwdL3:kktjX5WXFK42bLV8L3
Static task: static1
Behavioral task: behavioral1
- Sample: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
- http://talentos.clicken1.com:81/ponyz/gate.php
- http://panama.clicken1.com:81/ponyz/gate.php
- http://monteazul.clicken1.com:81/ponyz/gate.php
- http://199.168.184.198:81/ponyz/gate.php
payload_url:
- http://ftp.lithotipiki.gr/6i7Kec.exe
- http://bestestimates.com/dyva6x.exe
- http://000023p.rcomhost.com/hAem.exe
Targets
- Target: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428
- Size: 119KB
- MD5: 48af670c20e7338bbd07c0504f2bff80
- SHA1: 906b3844873231914829c8a86292ade1c02931bf
- SHA256: f75791136bf67a3b8b7ebadffcb2032e99acb27611a5b57584e569fc2118d428
- SHA512: 49968456c3a32db1e2700d4e6e49462324a7d95b15a79cb26769f8ffc335dacfbe03f705f63183fe631f7a8e57e63ca2fabf216d8c39e4864736df17db4dc064
- SSDEEP: 3072:kOtH92Hkt6olX5V+NhKkMWjre4mewjb7viqTwdL3:kktjX5WXFK42bLV8L3
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.