General
- Target: 204cefcd26564660bf062326f6debc037d6a328089f60b3f06dee088eff67e17
- Size: 131KB
- Sample: 221003-cwgmladgfp
- MD5: 3c729f0528c8fc8a4c5c5b0def04bade
- SHA1: 7ea0389ca1d892fb0ec0c2b6c3e94c3893b25f31
- SHA256: 204cefcd26564660bf062326f6debc037d6a328089f60b3f06dee088eff67e17
- SHA512: b3f5038ade2ba22dba5b862be0678982574578ff1ee4ff481cb04cd1f08639d54f2ad59bd10c76dcf26d6a1fc69d6dbc4c3421e7f4756ae5146649a993aefc8b
- SSDEEP: 3072:LAsj8MBX8s0oXJcRe3Yvi25TpVAHBb8rUhdiXYv2MOenN:LAsBZyReoRTpcgr6diKlOeN
Static task: static1
Behavioral task: behavioral1
- Sample: 204cefcd26564660bf062326f6debc037d6a328089f60b3f06dee088eff67e17.exe
- Resource: win7-20220901-en
Malware Config
- Extracted: pony
- URL: http://shared-30.ccihosting.com/~streamkn/panel/gate.php
Targets
- Target: 204cefcd26564660bf062326f6debc037d6a328089f60b3f06dee088eff67e17
- Size: 131KB
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext