General
Target: 3e2d65ae1605decd64c8c4045d22d0df359d73de3d36d9bc54096e1a11fb25cf
Size: 172KB
Sample: 221128-g4p16abh99
MD5: 70060007521c8e62ab5be59c997884cd
SHA1: fafc7dfb1a53b8c0d146e8ff58c0178f05d2cbf1
SHA256: 3e2d65ae1605decd64c8c4045d22d0df359d73de3d36d9bc54096e1a11fb25cf
SHA512: 39e8fc8ac15140a71d60873a8ec55ae0026f18f2317fd7468f7ccd6b1db627ff825d67a67830464cd72bfc7012c034c64323128080c72871dec6c300bd5e9bfe
SSDEEP: 1536:38xeJljjSGrfB3gEy5qtiSNWmrz25oPgEs+rSTsGwZbz2Poj/YUpmYBb+kFeHn9a:3XjSG13M5eUmYNNw92PY/YUpmYBb+kF
Static task: static1
Behavioral task: behavioral1
Sample: 3e2d65ae1605decd64c8c4045d22d0df359d73de3d36d9bc54096e1a11fb25cf.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
C2 (gate URLs):
http://209.59.219.1/ponys/gate.php
http://212.58.20.11/ponys/gate.php
payload_url:
http://bde-essec.com/1ePZ.exe
http://datamidiaprojecoes.com.br/Axws.exe
http://travelbuoy.com/Gi9M.exe
http://www.katesmentionables.com/ppbkcRV4.exe
http://seo.co.it/WarRVVtw.exe
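The extracted configuration is the actionable part of this report: the two gate URLs are where the stealer posts harvested credentials, and the payload URLs are the follow-on downloads. The script below is an added example (not sandbox output and not Pony's own code) that parses the flattened "Malware Config" block as it appears on this page into structured IOCs and matches a proxy-log request against the gate list. The config text is re-typed inline from the report so the script runs offline; the `is_gate_request` matching rule (POST plus host and path) is this example's own assumption about how to hunt for the beacon.

```python
"""Parse the extracted Pony configuration into IOC records.

Added example for this report; not part of the sandbox output or of the
malware. URLs below are copied from the report's "Malware Config" block and
re-typed as a constant so the code runs offline.
"""
from urllib.parse import urlsplit

# Constructed: the flattened "Malware Config" block as it appears on this page.
CONFIG_BLOCK = """\
Extracted
pony
http://209.59.219.1/ponys/gate.php
http://212.58.20.11/ponys/gate.php
-
payload_url
http://bde-essec.com/1ePZ.exe
http://datamidiaprojecoes.com.br/Axws.exe
http://travelbuoy.com/Gi9M.exe
http://www.katesmentionables.com/ppbkcRV4.exe
http://seo.co.it/WarRVVtw.exe
"""


def parse_config(block: str) -> dict:
    """Split the flattened config into family, gate URLs and payload URLs.

    URLs before the 'payload_url' key are the gates; the Pony panel receives
    stolen credentials via HTTP POST to gate.php.
    """
    family = None
    gates, payloads = [], []
    current = gates
    for line in block.splitlines():
        line = line.strip()
        if not line or line in ("-", "Extracted"):
            continue
        if line == "payload_url":
            current = payloads
            continue
        if line.startswith(("http://", "https://")):
            current.append(line)
        elif family is None:
            family = line
    return {"family": family, "gates": gates, "payload_urls": payloads}


def iocs(cfg: dict) -> dict:
    """Derive network IOCs: hosts to block, gate URI paths and payload names."""
    hosts = sorted({urlsplit(u).hostname for u in cfg["gates"] + cfg["payload_urls"]})
    gate_paths = sorted({urlsplit(u).path for u in cfg["gates"]})
    payload_names = sorted(urlsplit(u).path.rsplit("/", 1)[-1] for u in cfg["payload_urls"])
    return {"hosts": hosts, "gate_paths": gate_paths, "payload_names": payload_names}


def is_gate_request(method: str, url: str, cfg: dict) -> bool:
    """Match a proxy-log request against the gate list (example heuristic).

    Compares host and path rather than the whole string so query strings do
    not break the match; the method must be POST because the gate only
    receives report uploads, so GETs to the same path are not beacons.
    """
    if method.upper() != "POST":
        return False
    req = urlsplit(url)
    return any(
        req.hostname == urlsplit(g).hostname and req.path == urlsplit(g).path
        for g in cfg["gates"]
    )


if __name__ == "__main__":
    cfg = parse_config(CONFIG_BLOCK)
    print(cfg["family"], iocs(cfg))
```

Block the hosts at the egress proxy and alert on POSTs to `/ponys/gate.php` regardless of host: Pony panels are frequently moved between IPs while the gate path stays the same, so the path is the more durable indicator of the two.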
Targets
Target: 3e2d65ae1605decd64c8c4045d22d0df359d73de3d36d9bc54096e1a11fb25cf
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
-
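The three signatures above are all registry reads, so they can be reproduced from Sysmon registry events (Event ID 12/13) or an EDR's registry telemetry. The script below is an added example (not part of the sandbox report) that runs that detection over constructed, Sysmon-like `pid|image|TargetObject` lines. The registry paths it matches are the well-known locations: the `Uninstall` key under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion` (and its `WOW6432Node` twin) for installed-software enumeration, and the Outlook profile stores under `Windows Messaging Subsystem\Profiles` and `Office\<version>\Outlook\Profiles`, which is where Outlook account settings and saved credentials live. Uninstall enumeration alone is constant background noise from installers and inventory agents, so the example scores per process and only rates the combination seen in this sample as high; the severity tiers and the sample process names are this example's own choices.

```python
"""Detection for the registry signatures in this report, run over sample events.

Added example, not part of the sandbox report. Events are constructed in a
Sysmon-like 'pid|image|TargetObject' shape. Registry paths are the well-known
Uninstall and Outlook profile locations; severity tiers are this example's own.
"""
import re
from collections import defaultdict
from typing import Optional

UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)
OUTLOOK_PROFILE_RE = re.compile(
    r"^HK(?:CU|U\\[^\\]+)\\Software\\Microsoft\\(?:"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles"
    r"|Office\\\d+\.\d+\\Outlook\\Profiles)\\",
    re.IGNORECASE,
)

# Constructed sample: an inventory agent enumerating Uninstall (benign noise),
# an unknown Temp executable that enumerates Uninstall and then reads Outlook
# profiles (the pattern flagged above), and an unrelated Explorer read.
SAMPLE_EVENTS = """\
4412|C:\\Program Files\\Inventory\\agent.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
4412|C:\\Program Files\\Inventory\\agent.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++
5120|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
5120|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001
5120|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe|HKCU\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002
6001|C:\\Windows\\explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced
"""


def classify(target: str) -> Optional[str]:
    """Map a registry path to one of the report's signature classes, or None."""
    if UNINSTALL_RE.match(target):
        return "uninstall_enum"
    if OUTLOOK_PROFILE_RE.match(target):
        return "outlook_profile"
    return None


def score_processes(events: str) -> dict:
    """Group matching registry reads per process and assign a severity.

    'info': Uninstall enumeration only (installers and inventory tools do it).
    'medium': Outlook profile reads from an image that is not outlook.exe.
    'high': both classes from the same process, the stealer pattern above.
    """
    hits = defaultdict(lambda: {"image": "", "uninstall_enum": 0, "outlook_profile": 0})
    for line in events.splitlines():
        if not line.strip():
            continue
        pid, image, target = line.split("|", 2)
        kind = classify(target)
        if kind:
            hits[pid]["image"] = image
            hits[pid][kind] += 1

    verdicts = {}
    for pid, h in hits.items():
        is_outlook = h["image"].lower().endswith("\\outlook.exe")
        if h["uninstall_enum"] and h["outlook_profile"]:
            severity = "high"
        elif h["outlook_profile"] and not is_outlook:
            severity = "medium"
        else:
            severity = "info"
        verdicts[pid] = {"image": h["image"], "severity": severity,
                         "uninstall_enum": h["uninstall_enum"],
                         "outlook_profile": h["outlook_profile"]}
    return verdicts


if __name__ == "__main__":
    for pid, v in score_processes(SAMPLE_EVENTS).items():
        print(pid, v["severity"], v["image"])
```

In production the process grouping should also bound the time window (the sample does both reads within seconds) and whitelist Outlook and Office setup images explicitly rather than by file name alone, since a stealer can copy itself to `outlook.exe` in a user-writable directory.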