General
-
Target
40d656064f338170882f2de5b2983bd751d102c5986a84ab6a8bd6c61adbf0fc
-
Size
197KB
-
Sample
220120-vdpvcsagdj
-
MD5
c509c11adc8929e2a932b4bda1216791
-
SHA1
985cf44ab37c06fe2d544cc350210e4a65eb3136
-
SHA256
40d656064f338170882f2de5b2983bd751d102c5986a84ab6a8bd6c61adbf0fc
-
SHA512
e537eb81f104dd55e818f6d516fa11fb9e5f7407436d570b76b5e69fc1cf33e5b114404000d02d1bdea0b2ae2bd4c632f3d3a84bdb4af63ed821e4dae7a9187c
Static task
static1
Behavioral task
behavioral1
Sample
40d656064f338170882f2de5b2983bd751d102c5986a84ab6a8bd6c61adbf0fc.exe
Resource
win10-en-20211208
Malware Config
Extracted
pony
http://windowssecuritycheck.gdn/jx/p/gate.php
Targets
-
-
Target
40d656064f338170882f2de5b2983bd751d102c5986a84ab6a8bd6c61adbf0fc
-
Size
197KB
-
MD5
c509c11adc8929e2a932b4bda1216791
-
SHA1
985cf44ab37c06fe2d544cc350210e4a65eb3136
-
SHA256
40d656064f338170882f2de5b2983bd751d102c5986a84ab6a8bd6c61adbf0fc
-
SHA512
e537eb81f104dd55e818f6d516fa11fb9e5f7407436d570b76b5e69fc1cf33e5b114404000d02d1bdea0b2ae2bd4c632f3d3a84bdb4af63ed821e4dae7a9187c
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-