General

- Target: 68ae2aa17c2e13a2835d6ac134cdb7f1d9e4bb5bd41c0ca76cbffaed758adc29.exe
- Size: 91KB
- Sample: 220521-yhyvlsdac6
- MD5: b3c3360d6e54c2426443f431ee9ce080
- SHA1: 1cc0d296ae40d866da9cb9c3ac11c34f3e6dc82f
- SHA256: 68ae2aa17c2e13a2835d6ac134cdb7f1d9e4bb5bd41c0ca76cbffaed758adc29
- SHA512: cb3efdc6d9f70c6f6b877caa622eba45d55786215ac576030269a2a2e01e839c0dab9ecb4d8c744875e169da0949fd78e6ebd978210ba3e55f36633519cd93cd
- Static task: static1
- Behavioral task: behavioral1
- Sample: 68ae2aa17c2e13a2835d6ac134cdb7f1d9e4bb5bd41c0ca76cbffaed758adc29.exe
- Resource: win7-20220414-en
Malware Config

- Extracted: pony
  - http://slatesupply.com/ponyf/gate.php
  - http://solarroofingsupply.com/ponyf/gate.php
  - http://thinkgreensupply.com/ponyf/gate.php
  - http://pacificcontractsources.com/ponyf/gate.php
- payload_url:
  - http://www.salus626.it/9AUKtdw.exe
  - http://208.2.139.48/h4AFprQF.exe
  - http://pmengineering.planetstudioweb.com/ntLgeUFU.exe
Targets

- Target: 68ae2aa17c2e13a2835d6ac134cdb7f1d9e4bb5bd41c0ca76cbffaed758adc29.exe
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 2
- suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative)
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.