General
Target: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6.exe
Size: 72KB
Sample: 220521-yhy6dagcan
MD5: ebca97ec7e2841ac1cec989392e834be
SHA1: 0858585a119bcc2314f67705bed76e17046c7f6d
SHA256: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6
SHA512: a55936165ded5083ea255801a3c5477b3eadbc5fe5b1ff715e16593bae44646cf0705ba63d7cf39409fdf3ca626ef91ae53dfa34d8404eb6eb0fa54bc950dbb6
Static task: static1
Behavioral task: behavioral1
  Sample: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: pony
C2 (check-in gate URLs):
  http://hospinorte.com.py/wp-includes/docd/panel/gate.php
  http://hospinorte.com.py/wp-includes/docd/panel/amara.php
Targets
Target: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6.exe
Size: 72KB
MD5: ebca97ec7e2841ac1cec989392e834be
SHA1: 0858585a119bcc2314f67705bed76e17046c7f6d
SHA256: 51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6
SHA512: a55936165ded5083ea255801a3c5477b3eadbc5fe5b1ff715e16593bae44646cf0705ba63d7cf39409fdf3ca626ef91ae53dfa34d8404eb6eb0fa54bc950dbb6
Signatures
  suricata: ET MALWARE Fareit/Pony Downloader Checkin 3
  suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
  Accesses Microsoft Outlook accounts
  Accesses Microsoft Outlook profiles
  Adds Run key to start application
  Suspicious use of SetThreadContext
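The following script is an added example and is not part of the Triage report or of the Pony sample; it turns the report's indicators into two checks a responder typically runs first. It verifies that a file on disk is the sample the report describes (all four digests must match) and scans proxy log lines for requests to the extracted C2 gate URLs. The digests and URLs are copied from the report; the proxy-log line format is a constructed one chosen for the example, and the User-Agent string is an assumption about what the ET "MSIE 5 Win98" rule name refers to, so a User-Agent match alone is reported only as weak supporting evidence.

```python
"""Hash verification and C2-log hunting for the Pony/Fareit sample above.

Added example, not code from the Triage report or from the malware.  The
digests and C2 URLs come from the report; the log format and the User-Agent
string are assumptions made for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
REPORT_DIGESTS = {
    "md5": "ebca97ec7e2841ac1cec989392e834be",
    "sha1": "0858585a119bcc2314f67705bed76e17046c7f6d",
    "sha256": "51bd8818a1e376d1421e44c13657675b99ff1ce0f23ffa9d50447872069a7ba6",
    "sha512": "a55936165ded5083ea255801a3c5477b3eadbc5fe5b1ff715e16593bae44646c"
              "f0705ba63d7cf39409fdf3ca626ef91ae53dfa34d8404eb6eb0fa54bc950dbb6",
}
C2_URLS = [
    "http://hospinorte.com.py/wp-includes/docd/panel/gate.php",
    "http://hospinorte.com.py/wp-includes/docd/panel/amara.php",
]
# Assumption: the User-Agent the ET "Pony Downloader HTTP Library MSIE 5 Win98"
# rule name alludes to.  Not taken from the report; treat a match as weak evidence.
PONY_USER_AGENT = "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"

# (host, path) pairs and bare hosts derived from the C2 list.  Hosts are compared
# case-insensitively; paths are compared exactly (query strings are ignored).
C2_ENDPOINTS = {(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}

# Constructed log format for this example:  <ts> <client> <method> <url> <status> "<ua>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+) "(?P<ua>[^"]*)"$'
)


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def hash_file(path: str) -> dict:
    with open(path, "rb") as f:
        return hash_bytes(f.read())


def digest_mismatches(digests: dict) -> list:
    """Algorithms whose digest differs from the report; empty means it is the same sample."""
    return [name for name, want in REPORT_DIGESTS.items()
            if digests.get(name, "").lower() != want]


def classify_request(url: str, user_agent: str) -> tuple:
    """Reasons a single request is suspicious, strongest first; empty if none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if (host, parts.path) in C2_ENDPOINTS:
        reasons.append("pony-gate-url")      # exact check-in endpoint from the config
    elif host in C2_HOSTS:
        reasons.append("c2-host")            # same compromised host, other path
    if user_agent == PONY_USER_AGENT:
        reasons.append("pony-user-agent")    # assumed UA; supporting evidence only
    return tuple(reasons)


def find_c2_hits(lines) -> list:
    """(client, url, reasons) for every parseable line that matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip instead of aborting the whole scan
        reasons = classify_request(m["url"], m["ua"])
        if reasons:
            hits.append((m["client"], m["url"], reasons))
    return hits


# Constructed sample log lines (not real traffic) covering the cases that matter:
# exact gate hit with the assumed UA, benign traffic, same host with a different path
# and upper-case hostname, gate hit with a query string, and a malformed line.
SAMPLE_LOG = [
    '2022-05-21T10:00:01Z 10.0.0.5 POST http://hospinorte.com.py/wp-includes/docd/panel/gate.php 200 '
    '"Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
    '2022-05-21T10:00:02Z 10.0.0.6 GET http://example.com/index.html 200 "Mozilla/5.0"',
    '2022-05-21T10:00:03Z 10.0.0.7 GET http://HOSPINORTE.COM.PY/wp-content/uploads/x.png 200 "Mozilla/5.0"',
    '2022-05-21T10:00:04Z 10.0.0.5 POST http://hospinorte.com.py/wp-includes/docd/panel/amara.php?id=1 200 '
    '"Mozilla/4.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        bad = digest_mismatches(hash_file(sys.argv[1]))
        print("sample matches report" if not bad else f"digest mismatch: {bad}")
    for client, url, reasons in find_c2_hits(SAMPLE_LOG):
        print(client, url, ", ".join(reasons))
```

Run it with the suspect file as the only argument to confirm the digests, or without arguments to see the indicator matching over the constructed lines. Because the host set is derived from the config, a hit on `hospinorte.com.py` outside the two gate paths is reported separately as `c2-host`: the domain is a compromised WordPress site, so other paths may be legitimate traffic and deserve a lower score than a direct `gate.php` check-in.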