General
Target: 56a8af6686103a600e85ff47afd70e703e603a9e2c96546209d864ff607b7742
Size: 42KB
Sample: 240419-wnq1vacc21
MD5: 1fe9879e64aeb4451eb44999f9de43e6
SHA1: ce4fa06ea961e0ab4c6246840638ce4f93dbb582
SHA256: 56a8af6686103a600e85ff47afd70e703e603a9e2c96546209d864ff607b7742
SHA512: 1f8c7721c56325633d57312bdfbfe1410159a83bdb0581068df535a1fc1098666bb93a3cb019e14ade117b8ed777ed9aea812376df51026be9188c3cad3a19cc
SSDEEP: 768:6RtREFYA6Lv0JTy3cLdjhaUcZtZGPpgddJ6ZLpKXzmmkMmB7uEvH2ege6WxkRbvR:6RTEW38NZjhaUJPFLoX8kKDmykVR
Behavioral task: behavioral1
Sample: 486f7e6a9bb25f7e3c9bc8c0b71989e3100bb881c7cb611fb904cc950aa1b051.exe
Resource: win7-20231129-en
Malware Config
Extracted
pony
http://116.122.158.195:8080/ponyb/gate.php
http://siteseoguide.com:8080/ponyb/gate.php
http://uksonlinedating.com:8080/ponyb/gate.php
http://199.59.56.105:8080/ponyb/gate.php
payload_url
http://02d7935.netsolhost.com/vpT0bkB.exe
http://www.wellma-reiki.de/iWdD0.exe
http://mariefredbk.se/FJkD.exe
Targets
Target: 486f7e6a9bb25f7e3c9bc8c0b71989e3100bb881c7cb611fb904cc950aa1b051.exe
Size: 91KB
MD5: bc5cdf045db5cd6c226fadc10951cce7
SHA1: 913d765bc4333f731b66dc5510a0adaa0bd15fc0
SHA256: 486f7e6a9bb25f7e3c9bc8c0b71989e3100bb881c7cb611fb904cc950aa1b051
SHA512: 8360eedf3f16cefe11d859c5d7dcc3fe34d9a24ecb24986bc8aeffe288d54b43a7ac4ccf2ada4e90d849ea7c10bd4d12785181526c5bf2b8937fe9d37630478b
SSDEEP: 1536:ruvKtB9aqToGNj02UyG8Mzh1SQbgxqy4Bo9O2i1O2FTuITvxEKvykzZIcZY:CK9RDG8Mzh1S3MyZqOUjEKvdpY
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.