General
- Target: e7c97423a3df41c9ca79bf2800c1c68c6e9efa0da200f609abbeb045520a08f4.exe
- Size: 1.0MB
- Sample: 220521-yhyjvadac4
- MD5: 90b551346b0b7a6a24960e7254c7d8c3
- SHA1: 615383e32cdea90c89fc858f023c1b21078fe504
- SHA256: e7c97423a3df41c9ca79bf2800c1c68c6e9efa0da200f609abbeb045520a08f4
- SHA512: 6ff55086a1fb9f5734d3831f50490edefea45827c3bcb7cae8b1d7761c7e3a1d4c81add1ab897c6e425cc667e14028a079b2246b4adc57da44a3478423dfaf80
Static task: static1
Behavioral task: behavioral1
- Sample: e7c97423a3df41c9ca79bf2800c1c68c6e9efa0da200f609abbeb045520a08f4.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: pony
- C2: http://minhaslaw.co.uk/new/ladi/gate.php
Targets
- Target: e7c97423a3df41c9ca79bf2800c1c68c6e9efa0da200f609abbeb045520a08f4.exe
- Drops startup file
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext