General
Target: 879438326a1e539458d37ec4fc8b3cac06fe058ece91a0586516110584858e97
Size: 42KB
Sample: 240419-wnp4jscc2z
MD5: fed6bbf80ccd4a78bebca3102312f1f4
SHA1: 2c9846cd7f317f381426b6b9c55fe787f2d8784b
SHA256: 879438326a1e539458d37ec4fc8b3cac06fe058ece91a0586516110584858e97
SHA512: 13eb655d84a8070525fc94de073f6c6e8e222d559471c0d9ef5af37f4d9ce85215c757e1497f1705abf8e6509c5cd8038b9ee75f6e7a7712bbe911b6af7dc527
SSDEEP: 768:6/yZPG/Cu/2jCNOZoe1CFYk5ah1s2jMg2DISsh61EBF5sDCuQzR+PGS2T:PdcICNqoeUYk8h1sP9sF53uQz0PU
Behavioral task
behavioral1
Sample: 45eb8716cd1d4836a4d1a620c1936c9a0342b340c9987a67501c3226dda61731.exe
Resource: win7-20240221-en
Malware Config
Extracted
pony
http://br1.irontrial.com:8080/ponyd/gate.php
http://br1.pineapplesdonthavesleeves.com:8080/ponyd/gate.php
http://89.166.50.40:8080/ponyd/gate.php
http://6.magicalomaha.co/ponyd/gate.php
payload_url
Targets
Target: 45eb8716cd1d4836a4d1a620c1936c9a0342b340c9987a67501c3226dda61731.exe
Size: 90KB
MD5: ab02eb6c6027099212b02fd88b33a4d0
SHA1: 76e96a0f0b25597e8c55be091bd1fb6dcf1400fe
SHA256: 45eb8716cd1d4836a4d1a620c1936c9a0342b340c9987a67501c3226dda61731
SHA512: 313d780c7902f6f24e969a79155dcb7450411c3cdf75cbde3c06d83f65fb3e28d7f75deeaf59b6e5aad62cf6e84daee3f0cd7a765db06a5b347c4d9d9f83916a
SSDEEP: 1536:jpy3U89ctqTG4a2SPE3gwzv+vY6Yau/yH4/eu2OycwFTvtEiwkzZEw:VyrcpYgwzveY6zCyH9Oy9HEi7Ew
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.