General
-
Target
1240-64-0x0000000000400000-0x000000000041E000-memory.dmp
-
Size
120KB
-
MD5
1e3397acc68704c3786e3b60303b587e
-
SHA1
7191c23b2738ff47f65b82a2d73cecc133ddc8ea
-
SHA256
f990d454e93ae5ee8feebf27030fca2dfb7d00733d540f6f3413e7ad3ce891f1
-
SHA512
07a27949647997dabdf84ed8a1f080e956a93a7c836f9d4a605bcc40d80c2b7d99f6c6a08868a8d474f3caa755f24d7442bcdb0927905920e191c0ba609dd2d8
-
SSDEEP
1536:U+rPld4khJmqTrK0NIm6vPWQCn7WZukXCtdOs5gryTvAEEXgkzZg/WIl:xr9dXJnh6nWQg7WZ+O+iEuLYWIl
Malware Config
Extracted
pony
http://smartysoftware.com/default.php?gLHGukLTpkxsXkC3aLbu7Ldz9OZNJB2q5
http://online-ca-drivers-ed.com/default.php?GcS17FrMfMXmzM1DzBznZFr463p
http://beacelebrityforonenight.com/default.php?6QHoGVxSeMJXfNyXCrmQy5Ii
http://earlytimeschapter.org/n.htm?RsEktUktHoRCd7VkulTlEV6XrOngroqCioks
http://earlytimeschapter.org/v.htm?KtA5oYuAPirxd5JXC1JMfdrrL45khyCLEJPv
http://earlytimeschapter.org/i.htm?m7e47RGVbBAgm9rbvBUkHQ4WaOK11NCVgBfT
http://madmillionaire.com/i.htm?4ui11eBjVjH5E6bxcriqsvAhdFLhOzsl4PNmxJA
http://madmillionaire.com/x.htm?i5onPfLHKDoDTbTCAEiIDxLXv7GJgxbBye7ut6V
http://madmillionaire.com/c.htm?cuDMZUPuGtTz9xFYzA1LaJDOlftyYeroXDhwvIY
http://danporterdev.com/v.htm?iRGoiXAFMNveN9SnEGhJPBiBSHq43jaq254wEM1QW
http://danporterdev.com/i.htm?t6i8LhEy3lxRRDO5Ag71QEHCrWSDZDjdulGOyqHRc
http://danporterdev.com/c.htm?R9QED3GydwHtFslTJzJiQ5HfgtY3O5N9cJPXdNeWE
Signatures
-
Pony family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Files
-
1240-64-0x0000000000400000-0x000000000041E000-memory.dmp
Headers
Sections