General
-
Target
d87eb569d15328e9ebc48109ed9ce0956b7e6dceaa963c964647213ee9826d2e
-
Size
231KB
-
Sample
221119-g6d2nsgf68
-
MD5
2a6999c8be836daa0fcc52937dcc7330
-
SHA1
e04829653c3670017c52db367cb696598381a0ab
-
SHA256
d87eb569d15328e9ebc48109ed9ce0956b7e6dceaa963c964647213ee9826d2e
-
SHA512
0676fd15619af1e0e9b8c3982f383455558c6fedb03291c8966916c094a2e7e7a2a24aec1f439cef26cc541cb97bdf892ecce2fad94b88170e47f6a58cb6e090
-
SSDEEP
6144:YC3l1rxIxl+cE5x6+4ElQMkJeR4fkJFqcZ5KKLGO:YCXrxICcG6ZRKQirgs
Static task
static1
Behavioral task
behavioral1
Sample
d87eb569d15328e9ebc48109ed9ce0956b7e6dceaa963c964647213ee9826d2e.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://prestigecarstorage.com.au/wp-includes/Text/Text.php
http://mcmamina.cz/media/plg_quickicon_joomlaupdate/plg_quickicon_joomlaupdate.php
http://buyseoplan.com/wp-admin/includes/includes.php
http://letssaidiana.com/wp-admin/user/user.php
http://kenyadivas.com/media/editors/editors.php
http://keithgerchak.com/wp-admin/css/css.php
http://binarycashbackdaily.com/wp-admin/maint/maint.php
http://apexsitesolutions.com/main/wp-admin/mod_html.php
http://employerservice.net/wp-includes/theme-compat/theme-compat.php
http://hmb.com.au/wp-admin/images/images.php
http://denver-computer-repairs.com/wordpress2/wp-includes/fckeditor.php
http://hatmandoo.co.uk/cache/mod_menu/mod_menu.php
http://wizjafotografii.pl/wp-content/languages/languages.php
http://steve1der.com/wp-includes/css/css.php
http://elicense.studio98test.com/wp-content/themes/Action.php
http://resiteing.com/wp-content/ID3.php
http://mimembership.com/plugins/authentication/authentication.php
http://stephenvrichardson.com/wp-includes/css/css.php
http://mycasablancaflowers.com/wp-includes/js/js.php
http://staciriordan.com/wp-includes/images/images.php
http://www.deveamusic.com/js/flowplayer/hw.php
http://infaithandhealth.org/wp-content/upgrade/upgrade.php
http://gensenjapan.com/wp-includes/css/com_jea.php
http://isyourbusinessstruggling.com/wp-content/themes/themes.php
http://winedig.com/wp-admin/js/fr.php
http://warmthmedia.com/wp-includes/images/images.php
http://virtual3dfieldtrips.com/wp-includes/images/images.php
http://boergoatsbreeder.com/wp-content/plugins/plugins.php
http://alipart.com/modules/mod_related_items/install_4d0bc8e0a4a70.php
http://theevilweevil.com/wp-includes/certificates/certificates.php
Targets
-
-
Target
d87eb569d15328e9ebc48109ed9ce0956b7e6dceaa963c964647213ee9826d2e
-
Size
231KB
-
MD5
2a6999c8be836daa0fcc52937dcc7330
-
SHA1
e04829653c3670017c52db367cb696598381a0ab
-
SHA256
d87eb569d15328e9ebc48109ed9ce0956b7e6dceaa963c964647213ee9826d2e
-
SHA512
0676fd15619af1e0e9b8c3982f383455558c6fedb03291c8966916c094a2e7e7a2a24aec1f439cef26cc541cb97bdf892ecce2fad94b88170e47f6a58cb6e090
-
SSDEEP
6144:YC3l1rxIxl+cE5x6+4ElQMkJeR4fkJFqcZ5KKLGO:YCXrxICcG6ZRKQirgs
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-