General
- Target: 9f61b044de1e7d10bf44dc6dfa319601f45d873d098a0d27add5044d0d66fb8f
- Size: 150KB
- Sample: 221128-k38nnaga3s
- MD5: 20c5da24b41122a380b1f4c23440d14d
- SHA1: c0f4e1b36289f94bfbba1d0916910fce0251df8c
- SHA256: 9f61b044de1e7d10bf44dc6dfa319601f45d873d098a0d27add5044d0d66fb8f
- SHA512: bd063618a552f66dc8f054f7bf85ec089300a0109db0606e7d75ef1dadd2c8ae256ecd40ac19a3ae4fe6fa17ad0f811b74ef7836547a426f11465e56c08fd5ce
- SSDEEP: 3072:ipCb/OGHTTNK5OVPE6xG4QtsE5nro7tJ7aWtYu6M4SEiFCDGHI8:I6ofOHaWtYu6BDV
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9f61b044de1e7d10bf44dc6dfa319601f45d873d098a0d27add5044d0d66fb8f.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: pony
- C2:
  http://pontysss.dyndns.dk/pontorez/gate.php
  http://ponytd.dyndns.dk/pontorez/gate.php
  http://pontyd.dyndns.dk/pontorez/gate.php
  http://weree.dyndns.dk/pontorez/gate.php
  http://amaster.dyndns.dk/pontorez/gate.php
- payload_url:
Targets
- Target: 9f61b044de1e7d10bf44dc6dfa319601f45d873d098a0d27add5044d0d66fb8f
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext