General
- Target: 0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa.exe
- Size: 203KB
- Sample: 220514-q5l6bsaad7
- MD5: 2b7214d5daad8b850451b3b9f18aec65
- SHA1: b77414da73fe96f7c899c4d1cf39e71803083d06
- SHA256: 0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa
- SHA512: 50a67c167078137d7b5a2ca04771cd095ed36f4eef70e62435a3aa02bcac3dee39a86c3f28e2087c1dcbd37d1553896d52d4668701b7c569bd65d942c287be66

Static task: static1
Behavioral task: behavioral1
Sample: 0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa.exe
Resource: win7-20220414-en

Malware Config
Extracted: pony
http://abcmedicalcenter.ro/masivcas/gate.php
Targets
- Target: 0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa.exe
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext