General

Target: d8f4765e0e0c32e371038daec2f0e4c30bfa905ee3a6b5a9e51cca896276546e
Size: 141KB
Sample: 221123-p7lrxadb93
MD5: 47f26ca4e01f8df722f19b736d6729f6
SHA1: c24fa974637a62e07f29c0c3e469bdb54d7e41e3
SHA256: d8f4765e0e0c32e371038daec2f0e4c30bfa905ee3a6b5a9e51cca896276546e
SHA512: af5eb6a3a40159161a2e9a4c316628f5622112109e5af955d2f95f6bafc61b1a3065ea6e92f996d5b7c26446f10b73c949c3ddfed83a52e26f86ca60d8a920a3
SSDEEP: 3072:BaB54+8diXhyR1FTuxCcxEyuw82jsb9om4DLJngkECPMLjjPEJm:BaBlSSyRcC45j7hgeojf
Static task: static1
Behavioral task: behavioral1
Sample: d8f4765e0e0c32e371038daec2f0e4c30bfa905ee3a6b5a9e51cca896276546e.exe
Resource: win7-20220812-en

Malware Config

Extracted
Family: pony
C2: http://62.76.191.81:7623/forum/gate.php
Targets

Target: d8f4765e0e0c32e371038daec2f0e4c30bfa905ee3a6b5a9e51cca896276546e
Size: 141KB
MD5: 47f26ca4e01f8df722f19b736d6729f6
SHA1: c24fa974637a62e07f29c0c3e469bdb54d7e41e3
SHA256: d8f4765e0e0c32e371038daec2f0e4c30bfa905ee3a6b5a9e51cca896276546e
SHA512: af5eb6a3a40159161a2e9a4c316628f5622112109e5af955d2f95f6bafc61b1a3065ea6e92f996d5b7c26446f10b73c949c3ddfed83a52e26f86ca60d8a920a3
SSDEEP: 3072:BaB54+8diXhyR1FTuxCcxEyuw82jsb9om4DLJngkECPMLjjPEJm:BaBlSSyRcC45j7hgeojf

Signatures
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext