General
Target: c45751223e10bd50f236e4c9d16f8f80e5077f2a6c27a1d128624b5983403435
Size: 290KB
Sample: 221119-hdeyyaha57
MD5: 162f7dc036ce33e6c43855fc9f799e20
SHA1: f537ed2cdfb01dd9be5149e8fca4d477500ffa86
SHA256: c45751223e10bd50f236e4c9d16f8f80e5077f2a6c27a1d128624b5983403435
SHA512: e8b6b158cc3c1e6108dad38177a319fe5028a0cce6daf0843805f8fe823c9d671a3d7b6a0209aa97d538a438633612d17616c409e41971fa19dd7bd108314e26
SSDEEP: 3072:UYZJCd1m3L0Jat2DRIF42niYGrNdZU406z+FU3Jjjpt7cuwBCi1BHHBFobHbEzVU:oAaoG966seh7UCi8zbE1+
Static task: static1
Behavioral task: behavioral1
Sample: c45751223e10bd50f236e4c9d16f8f80e5077f2a6c27a1d128624b5983403435.exe
Resource: win7-20220812-en
Malware Config
Extracted family: pony
C2 gate: http://bosconova.com/mcs/gate.php
Targets
Target: c45751223e10bd50f236e4c9d16f8f80e5077f2a6c27a1d128624b5983403435
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
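The signatures above are behavioural matches over the sandbox's API trace. The following script, added here as an example and not part of the report or of any sandbox's own code, replays a constructed trace in a simplified api/args event shape and re-derives the registry-based signatures (geofence lookup, Uninstall enumeration, Outlook profile and account access), the SetThreadContext hollowing chain (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread on the same child, in order), and contact with the extracted gate URL. The event layout, the pids and the exact key paths in SAMPLE_TRACE are assumptions; the registry locations are the standard Windows ones for these checks.

```python
import re

# C2 gate extracted from the sample in this report.
PONY_GATE = "http://bosconova.com/mcs/gate.php"

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit used by process hollowing

# Registry locations behind the report's signatures (matched case-insensitively).
# The GeoID (country code) lives in the "Nation" value under ...\International\Geo.
# 9375CFF0413111d3B88A00104B2A6676 is the well-known Outlook accounts subkey.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
REG_PATTERNS = {
    "Checks installed software on the system":
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "Accesses Microsoft Outlook profiles":
        re.compile(r"\\(Windows Messaging Subsystem|Office\\\d+\.\d+\\Outlook)\\Profiles(\\|$)", re.I),
    "Accesses Microsoft Outlook accounts":
        re.compile(r"\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676(\\|$)", re.I),
}


def detect_registry(events):
    """Map each registry signature to the key paths in the trace that triggered it."""
    hits = {}
    for ev in events:
        api, args = ev["api"], ev.get("args", {})
        if not api.startswith("Reg"):
            continue
        key = args.get("key", "")
        # Geofence: only a read of the Nation value counts, not merely opening the key.
        if GEO_KEY.search(key) and args.get("value", "").lower() == "nation":
            hits.setdefault("Checks computer location settings", []).append(key)
        for name, pattern in REG_PATTERNS.items():
            if pattern.search(key):
                hits.setdefault(name, []).append(key)
    return hits


def detect_hollowing(events):
    """Return child pids for which a suspended create was followed, in order, by
    WriteProcessMemory, SetThreadContext and ResumeThread targeting that child."""
    stages = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
    progress = {}      # child pid -> index of the next expected stage
    completed = []
    for ev in events:
        api, args = ev["api"], ev.get("args", {})
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            progress[args["child_pid"]] = 0
            continue
        pid = args.get("pid")
        if pid in progress and api == stages[progress[pid]]:
            progress[pid] += 1
            if progress[pid] == len(stages):
                completed.append(pid)
                del progress[pid]
    return completed


def detect_c2(events, gate=PONY_GATE):
    """Return every URL in the trace that equals the extracted gate."""
    urls = []
    for ev in events:
        url = ev.get("args", {}).get("url", "")
        if url.lower() == gate.lower():
            urls.append(url)
    return urls


def analyse(events):
    """Combine the detectors into a signature -> evidence mapping."""
    report = detect_registry(events)
    pids = detect_hollowing(events)
    if pids:
        report["Suspicious use of SetThreadContext"] = pids
    urls = detect_c2(events)
    if urls:
        report["Contacts Pony gate"] = urls
    return report


# Constructed trace (not taken from the sandbox run) in a simplified event shape.
MAPI = r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}},
    {"api": "RegQueryValueExW", "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"}},
    {"api": "RegEnumKeyExW", "args": {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"api": "RegOpenKeyExW", "args": {"key": MAPI}},
    {"api": "RegOpenKeyExW", "args": {"key": MAPI + r"\9375CFF0413111d3B88A00104B2A6676\00000001"}},
    {"api": "RegQueryValueExW", "args": {"key": MAPI + r"\9375CFF0413111d3B88A00104B2A6676\00000001", "value": "POP3 Password"}},
    {"api": "CreateProcessW", "args": {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 2200}},
    {"api": "NtUnmapViewOfSection", "args": {"pid": 2200}},
    {"api": "WriteProcessMemory", "args": {"pid": 2200}},
    {"api": "SetThreadContext", "args": {"pid": 2200}},
    {"api": "ResumeThread", "args": {"pid": 2200}},
    {"api": "HttpSendRequestW", "args": {"method": "POST", "url": PONY_GATE}},
]

if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The hollowing detector deliberately requires the stages in order on the same child pid; an out-of-order or partial chain (a debugger calling SetThreadContext without a suspended create, for instance) does not fire, which is what keeps the "Suspicious use of SetThreadContext" signature from matching every process that touches thread context.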