General
-
Target
5d37eb5567871bc74d1dad39f5c74e2edffdf5aa2b9fe1a65d1eb4febb596202
-
Size
117KB
-
Sample
221203-cgppnaef26
-
MD5
22f5b305b1623b31b102dbf27836612b
-
SHA1
612b1b118160cf1c2c1dd46fa7168a73b14f3af2
-
SHA256
5d37eb5567871bc74d1dad39f5c74e2edffdf5aa2b9fe1a65d1eb4febb596202
-
SHA512
5c17df96330dd7a424fa631e2bac3d077818e5f698ee6b01866211f293a793904f287798d00092f25475a79e9c7cc3c7e269fa3a3264a67f7ee6c11a10da5e5e
-
SSDEEP
1536:U2WcotcDWnDT3MBMURik+5EvNw6HrBNnijDjFA+YBcpOSn5ycVN2OWGeasCsRUb/:U2Wr9cxi4NxLo3Fpl7n5hj2zZ5Z0Mm
Static task
static1
Behavioral task
behavioral1
Sample
5d37eb5567871bc74d1dad39f5c74e2edffdf5aa2b9fe1a65d1eb4febb596202.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://frankcremascocabinets.com/forum/viewtopic.php
http://giuseppepiruzza.com/forum/viewtopic.php
http://gordonpoint.biz/forum/viewtopic.php
http://gordonpoint.info/forum/viewtopic.php
-
payload_url
http://68.228.8.88/GG0sqZw9.exe
http://seguridadelectronicaenred.com/Ax1pASKp.exe
http://academicjourneyonline.com/ExA.exe
http://www.zaun-exklusiv.de/pp5jN152.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-