General
- Target: 521c1b5c39bb8860f2b65a432774afa5f28b25a58346f9a7a78689c1394b3a7b
- Size: 164KB
- Sample: 221003-cxe56acca8
- MD5: 0ef6ea056a8a3dbba9114e622a05a7eb
- SHA1: e30e6f1502d82eae64b0e3080221759fed74707b
- SHA256: 521c1b5c39bb8860f2b65a432774afa5f28b25a58346f9a7a78689c1394b3a7b
- SHA512: e0699bde9c5f9fb9c6be3e56e5a1c4ea70f1271f1bd93bc46b3032f0619091e1aa120e5b3112be29c42fb832b92546bb9126fbd8f7baa07cf8e3385da492837d
- SSDEEP: 3072:uki8B7MWh6SNSpHswjSQ5X+YOroJW/4jZ4VEMGgj0R:m8B7uDM6SQikW/Ojgw
Static task: static1
Behavioral task: behavioral1
- Sample: 521c1b5c39bb8860f2b65a432774afa5f28b25a58346f9a7a78689c1394b3a7b.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- pony
- http://www.youngworldplc.com/img/gate.php
- payload_url: http://www.youngworldplc.com/img/file.exe
Targets
- Target: 521c1b5c39bb8860f2b65a432774afa5f28b25a58346f9a7a78689c1394b3a7b (size and hashes as listed under General above)
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext