General
- Target: b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8
- Size: 108KB
- Sample: 221203-hffy1sga7t
- MD5: b54affd7d5abe286bccde7ac3384d8c3
- SHA1: 7abeb97f8378bc07db56e55b19c6dd28209c9051
- SHA256: b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8
- SHA512: 1c89cc60c6b6f7380f3af0b35a1a21912ee98f3c7cf195537cfb383bc57af701aa8474e1f81e5571549deceb94b4d660faf1a211db91b7fd9df5d7600d7242fc
- SSDEEP: 3072:Yz97BOeCiqsqKj8AVxuKamEhe6pjA6BEUL5k:WMdifqKAwx72115k
Static task: static1
Behavioral task: behavioral1
  Sample: b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: pony
- C2 (gate URLs the stealer posts harvested credentials to):
  http://admin.vojtekracing.hu:8080/ponyb/gate.php
  http://media.vojtekracing.hu:8080/ponyb/gate.php
  http://vojtekracing.hu:8080/ponyb/gate.php
  http://195.5.208.204:8080/ponyb/gate.php
- payload_url (second-stage executables the loader fetches after reporting in):
  http://metamoraequine.com/8LhMz.exe
  http://gulf-coast-rentals.net/Qsad9cAN.exe
  http://ws-heimann.de/SVLsn.exe
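The extracted config above is the operational IOC set for this sample: the gate URLs receive stolen credentials and the payload URLs are what the loader downloads next. The following is an added example, not code from the sandbox report or its tooling, of turning those values into a web-proxy hunt. The URLs and hashes are copied from this report; the five-field proxy log format and the log lines themselves are constructed for the demo, and the generic "POST to any gate.php" rule is a noisy heuristic of my own that goes beyond this one sample.

```python
"""Hunt proxy logs for the Pony C2 gate and payload URLs from this report.

Added example, not part of the sandbox report. Indicator values come from
the report's 'Malware Config' and 'General' sections; the log format and
the sample log lines are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# C2 gate URLs from the extracted Pony config (report values).
GATE_URLS = [
    "http://admin.vojtekracing.hu:8080/ponyb/gate.php",
    "http://media.vojtekracing.hu:8080/ponyb/gate.php",
    "http://vojtekracing.hu:8080/ponyb/gate.php",
    "http://195.5.208.204:8080/ponyb/gate.php",
]

# Second-stage payload URLs from the same config (report values).
PAYLOAD_URLS = [
    "http://metamoraequine.com/8LhMz.exe",
    "http://gulf-coast-rentals.net/Qsad9cAN.exe",
    "http://ws-heimann.de/SVLsn.exe",
]

# Hashes of the dropper itself (report values), keyed by algorithm name.
SAMPLE_HASHES = {
    "md5": "b54affd7d5abe286bccde7ac3384d8c3",
    "sha1": "7abeb97f8378bc07db56e55b19c6dd28209c9051",
    "sha256": "b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8",
}

# Hypothetical proxy log format: "<timestamp> <client-ip> <METHOD> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def build_indicators(gate_urls=GATE_URLS, payload_urls=PAYLOAD_URLS):
    """Split the config URLs into a host set and an exact (host, port, path) set."""
    hosts, exact = set(), set()
    for url in gate_urls + payload_urls:
        parts = urlsplit(url)
        host = parts.hostname.lower()
        hosts.add(host)
        exact.add((host, parts.port or 80, parts.path))
    return hosts, exact


def match_log_line(line, hosts, exact):
    """Return (severity, reason) for a suspicious line, or None for benign/unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()
    port = parts.port or 80
    key = (host, port, parts.path)
    if key in exact and parts.path.endswith("/gate.php"):
        return ("high", f"{m['client']} {m['method']} to Pony gate {host}:{port}{parts.path}")
    if key in exact:
        return ("high", f"{m['client']} fetched Pony payload URL {m['url']}")
    if host in hosts:
        # Same infrastructure, different path: worth a look but not a confirmed hit.
        return ("medium", f"{m['client']} contacted Pony C2/payload host {host} ({m['url']})")
    if m["method"] == "POST" and parts.path.endswith("/gate.php"):
        # Heuristic (my assumption, not from the report): Pony-style panels
        # commonly use gate.php; this will also catch unrelated panels.
        return ("low", f"{m['client']} POST to unknown gate.php at {host}:{port}")
    return None


def scan(lines):
    """Run every log line through the indicator checks; returns [(severity, reason, line_no)]."""
    hosts, exact = build_indicators()
    hits = []
    for n, line in enumerate(lines, start=1):
        hit = match_log_line(line, hosts, exact)
        if hit:
            hits.append((hit[0], hit[1], n))
    return hits


def hash_matches(data: bytes):
    """Return the algorithm names whose digest of `data` equals the report's hashes."""
    return [alg for alg, digest in SAMPLE_HASHES.items()
            if hashlib.new(alg, data).hexdigest() == digest]


# Constructed proxy log excerpt (not real traffic); 198.51.100.7 is a TEST-NET address.
SAMPLE_LOG = """\
2022-12-03T10:15:01Z 10.0.0.21 POST http://admin.vojtekracing.hu:8080/ponyb/gate.php 200
2022-12-03T10:15:03Z 10.0.0.21 GET http://metamoraequine.com/8LhMz.exe 200
2022-12-03T10:15:04Z 10.0.0.22 GET http://www.example.com/index.html 200
2022-12-03T10:15:09Z 10.0.0.23 GET http://vojtekracing.hu/about.html 200
2022-12-03T10:16:00Z 10.0.0.24 POST http://198.51.100.7:8080/panel/gate.php 200
"""

if __name__ == "__main__":
    for severity, reason, line_no in scan(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] line {line_no}: {reason}")
```

Exact host:port:path matches are scored high; a bare host match is medium because the vojtekracing.hu hosts may also serve legitimate content; the generic gate.php rule is low and should be tuned against your own baseline before it goes into an alerting pipeline.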
Targets
- Target: b81a384d9607947ff2cbb9082cd1f0b335979265bbd1a6380975c7b102db1ab8 (108KB; the same sample as in General, with identical MD5/SHA1/SHA256/SHA512/SSDEEP)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles (Outlook stores account settings, including saved mail credentials, in its profile registry keys; reading them is consistent with Pony's credential theft)
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate software on the system.