General
-
Target
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b
-
Size
474KB
-
Sample
221003-b8at5sbbd4
-
MD5
6b5ef5338dc5123d369372dd9e58df40
-
SHA1
f0877154597c49e957ca7d93a6af11daf4765858
-
SHA256
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b
-
SHA512
9c4b57bf1082a3781ea5eeb00b63af8063650d8b3dab52e816da237d07fd4fa470c9863d20b27f1321e655315a626538b73c553ca7b07b22a98b7a22a62ff40e
-
SSDEEP
12288:VLnm4hcrxhDLaqdK9cObQ4dW8C/c6VVIbIsNq:V1WDLaRcZCWh/9ib5Nq
Static task
static1
Behavioral task
behavioral1
Sample
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://www.leotechnology.xyz/thamos/gate.php
Targets
-
-
Target
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b
-
Size
474KB
-
MD5
6b5ef5338dc5123d369372dd9e58df40
-
SHA1
f0877154597c49e957ca7d93a6af11daf4765858
-
SHA256
11afd4fc1992864f83f7d2dec77ca367d679050bb750ba5ed2f67cd90e548c3b
-
SHA512
9c4b57bf1082a3781ea5eeb00b63af8063650d8b3dab52e816da237d07fd4fa470c9863d20b27f1321e655315a626538b73c553ca7b07b22a98b7a22a62ff40e
-
SSDEEP
12288:VLnm4hcrxhDLaqdK9cObQ4dW8C/c6VVIbIsNq:V1WDLaRcZCWh/9ib5Nq
Score10/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-