General
- Target: d30f68de942230f770c1ba98b6210ab3f4df162c329416335c4a3b608913059b.exe
- Size: 91KB
- Sample: 220521-yhy6dagcap
- MD5: 3e1c8315789762b75a84c82c572a16fc
- SHA1: 03d5193ae7192053c9fe1ceb562a12981fd3fbf0
- SHA256: d30f68de942230f770c1ba98b6210ab3f4df162c329416335c4a3b608913059b
- SHA512: 05422ecece43c79361b9f28275d6834ed6878c7ab74e9fbdc8915c32e491ab90d48db00d6311aafc689b3796da5a87fec1492c825f929994d4e7f653b2958ca2
- Static task: static1
- Behavioral task: behavioral1
- Sample: d30f68de942230f770c1ba98b6210ab3f4df162c329416335c4a3b608913059b.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: pony
  - http://berkshirehathawayalamoheights.com/ponyf/gate.php
  - http://berkshirehathawayboerne.com/ponyf/gate.php
  - http://berkshirehathawaybulverde.com/ponyf/gate.php
  - http://berkshirehathawaycanyonlake.com/ponyf/gate.php
- payload_url:
  - http://128.121.242.173/4Ctnc8R.exe
  - http://www.salus626.it/9AUKtdw.exe
  - http://208.2.139.48/h4AFprQF.exe
Targets
- Target: d30f68de942230f770c1ba98b6210ab3f4df162c329416335c4a3b608913059b.exe
- Size: 91KB
- MD5: 3e1c8315789762b75a84c82c572a16fc
- SHA1: 03d5193ae7192053c9fe1ceb562a12981fd3fbf0
- SHA256: d30f68de942230f770c1ba98b6210ab3f4df162c329416335c4a3b608913059b
- SHA512: 05422ecece43c79361b9f28275d6834ed6878c7ab74e9fbdc8915c32e491ab90d48db00d6311aafc689b3796da5a87fec1492c825f929994d4e7f653b2958ca2
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 2
- suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.