General
- Target: 45fe119d5b7d73a1434401129c0ddbd0012399bcdb73c8a7f6878503146677b0.exe
- Size: 756KB
- Sample: 220521-yhyjvagbhn
- MD5: bd91a8ac0f31d7717bb654a398e92b59
- SHA1: 722a0604c3709b7713114f934bde6730c4538d7a
- SHA256: 45fe119d5b7d73a1434401129c0ddbd0012399bcdb73c8a7f6878503146677b0
- SHA512: a08aa1e05afdcabda6e18a7df5f93c6a35109d8f3344cf3e1160a0c7f62a82e82ad0330cf63635c2d83d5aa62442cc66faaef3053d71b3f9bfbc7989e68cc07f
- Static task: static1
- Behavioral task: behavioral1
- Sample: 45fe119d5b7d73a1434401129c0ddbd0012399bcdb73c8a7f6878503146677b0.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: pony
- C2: http://198.27.98.247/Pony/gate.php
Targets
- Target: 45fe119d5b7d73a1434401129c0ddbd0012399bcdb73c8a7f6878503146677b0.exe
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 2
- suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
- suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
- suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
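The five Suricata alerts above all describe properties of the same HTTP checkin to the extracted C2 gate: a POST to a path ending in gate.php, a bare IPv4 literal in the Host header, no Referer, non-ASCII bytes in the body, and an old MSIE 5 / Windows 98 User-Agent. The script below is an added example, not part of this sandbox report and not the Emerging Threats rule logic itself; it re-implements those properties as plain checks over raw HTTP requests so an analyst can test a PCAP-extracted request offline. The User-Agent string, the two sample requests (one modelled on the page's C2 URL, one benign) and the check names are constructed assumptions, not values taken from the report.

```python
"""Offline checks mirroring the gate.php Suricata alert names in this report.

Added example, not from the sandbox report or the ET ruleset.  The exact ET
rule content is not reproduced; each check implements the property that the
rule title names.  ASSUMPTION: the User-Agent below is what the
"MSIE 5 Win98" rule title refers to.
"""
import ipaddress
import re

# ASSUMED value for the "HTTP Library MSIE 5 Win98" User-Agent.
PONY_USER_AGENT = "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers and body.

    Headers are decoded as latin-1 so extended-ASCII bytes never raise;
    header names are lower-cased for case-insensitive lookup.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def is_dotted_quad(host: str) -> bool:
    """True when the Host header is a bare IPv4 literal (optional :port)."""
    host = re.sub(r":\d+$", "", host)  # drop an optional port suffix
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def gate_php_indicators(raw: bytes) -> list:
    """Return the names of the gate.php checks that fire for one request.

    Anything that is not a POST to .../gate.php yields an empty list; the
    remaining checks correspond one-to-one to the alert titles on the page.
    """
    req = parse_http_request(raw)
    h = req["headers"]
    if not (req["method"] == "POST" and req["path"].lower().endswith("/gate.php")):
        return []
    hits = ["POST to gate.php"]
    if is_dotted_quad(h.get("host", "")):
        hits.append("Request to gate.php Dotted-Quad")
    if "referer" not in h:
        hits.append("POST To gate.php with no referer")
    if any(b >= 0x80 for b in req["body"]):
        hits.append("POST To gate.php w/Extended ASCII Characters")
    if h.get("user-agent") == PONY_USER_AGENT:
        hits.append("HTTP Library MSIE 5 Win98")
    return hits


# CONSTRUCTED sample: a Pony-style checkin to the C2 gate named in this report.
# Only the URL is from the page; headers and body bytes are made up.
PONY_CHECKIN = (
    b"POST /Pony/gate.php HTTP/1.0\r\n"
    b"Host: 198.27.98.247\r\n"
    b"Accept: */*\r\n"
    b"Content-Length: 6\r\n"
    b"Connection: close\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"\r\n"
    b"\x43\x52\x59\x50\xa3\xef"
)

# CONSTRUCTED sample: a legitimate web app that happens to use gate.php.
BENIGN_POST = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"Host: portal.example.com\r\n"
    b"Referer: https://portal.example.com/login\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 12\r\n"
    b"\r\n"
    b"user=a&pw=b1"
)

if __name__ == "__main__":
    for name, sample in (("pony", PONY_CHECKIN), ("benign", BENIGN_POST)):
        print(name, gate_php_indicators(sample))
```

Only the combination matters: a single gate.php POST is common in web apps, but a POST to a dotted-quad host with no Referer, a binary body and a 1990s User-Agent is the profile these alerts were written for, which is why the benign request triggers just the first check.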