General
- Target: d3034beda76933b176e26591b73c55eb6b982bbaa2ca10a0a55b403256f1e95a
- Size: 223KB
- Sample: 221123-p9ndhsgd7w
- MD5: ae7b4777e8306d40e52dfcee7bce7173
- SHA1: b366701a42238b38a1374dbedae1880653ec94d6
- SHA256: d3034beda76933b176e26591b73c55eb6b982bbaa2ca10a0a55b403256f1e95a
- SHA512: 30f10da0fa90929ad9d6ec8817aa94d3925e50b4b6de7e03bc23ec362eba060d0f93529a2b90d2428f76ebce91dff46f80719896caa2236a652e172b0aa3e869
- SSDEEP: 3072:mqI/6p3N6hbyhcuJlb4+FTLlF+mFXvsNoMVSUxUGVJZaGCt7+N7:mqR3NxP4+FTLWAfs1+VTFo
Static task: static1
Behavioral task: behavioral1
- Sample: d3034beda76933b176e26591b73c55eb6b982bbaa2ca10a0a55b403256f1e95a.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d3034beda76933b176e26591b73c55eb6b982bbaa2ca10a0a55b403256f1e95a.exe
- Resource: win10v2004-20221111-en
Malware Config
- Extracted family: pony
- C2 (gate URL): http://109.120.177.164/p/gate.php
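The gate URL above is the one network indicator the report yields. The following is an added example, not part of the sandbox report, showing how a practitioner would sweep web-proxy logs for it: the only value taken from the report is the gate URL; the log lines and their column layout are constructed for the example, and the "POST with an application/octet-stream body" heuristic is an assumption about how Pony check-ins look, not something the report states.

```python
"""Check web-proxy logs for the Pony gate URL extracted from this sample.

Added example, not part of the sandbox report. The only indicator taken from
the report is PONY_GATE; the log lines and their format are constructed for
this example, and the POST/application-octet-stream heuristic is an assumption
about Pony check-ins, not something the report states.
"""
from urllib.parse import urlparse

PONY_GATE = "http://109.120.177.164/p/gate.php"  # from the extracted config above

# Constructed proxy log, simplified Squid-like fields:
# "<epoch> <client_ip> <method> <url> <status> <bytes> <content_type>"
SAMPLE_LOG = """\
1669212000 10.0.0.15 GET http://www.example.com/index.html 200 5120 text/html
1669212007 10.0.0.15 POST http://109.120.177.164/p/gate.php 200 312 application/octet-stream
1669212008 10.0.0.22 GET http://109.120.177.164/p/other.php 404 0 text/html
1669212015 10.0.0.15 POST http://109.120.177.164/p/gate.php 200 298 application/octet-stream
1669212020 10.0.0.31 GET http://109.120.177.164:8080/p/gate.php 200 44 text/html
"""


def parse_log(text):
    """Parse the constructed log format into one dict per line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, size, ctype = line.split()
        records.append({"ts": int(ts), "client": client, "method": method, "url": url,
                        "status": int(status), "bytes": int(size), "content_type": ctype})
    return records


def ioc_key(url):
    """Normalise a URL to (host, port, path) so scheme/host casing and an
    explicitly written default port still compare equal to the indicator."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname.lower(), port, p.path)


def pony_like(rec):
    """Assumed shape of a Pony check-in: a POST carrying an opaque binary body."""
    return rec["method"] == "POST" and rec["content_type"] == "application/octet-stream"


def match_c2(log_text, gate_url=PONY_GATE):
    """Return exact gate hits, other traffic to the same host, and per-client beacon counts."""
    target = ioc_key(gate_url)
    exact, same_host = [], []
    for rec in parse_log(log_text):
        key = ioc_key(rec["url"])
        if key == target:
            exact.append(dict(rec, pony_like=pony_like(rec)))
        elif key[0] == target[0]:
            same_host.append(rec)  # same C2 host, different port or path: still worth a look
    clients = {}
    for rec in exact:
        clients[rec["client"]] = clients.get(rec["client"], 0) + 1
    return {"exact": exact, "same_host": same_host, "beaconing_clients": clients}


if __name__ == "__main__":
    result = match_c2(SAMPLE_LOG)
    for rec in result["exact"]:
        print("C2 hit:", rec["client"], rec["method"], rec["url"], "pony_like=%s" % rec["pony_like"])
    print("beaconing clients:", result["beaconing_clients"])
    print("same host, other URLs:", [r["url"] for r in result["same_host"]])
```

Matching on the normalised (host, port, path) tuple rather than the raw string avoids missing a hit when the proxy logs the port explicitly or a different casing, and the "same host" bucket surfaces traffic to the C2 address that does not use the exact gate path (a 404 against the same server is still a client talking to the operator's infrastructure).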
Targets
- Target: d3034beda76933b176e26591b73c55eb6b982bbaa2ca10a0a55b403256f1e95a (the same file as in General above; size and hashes are identical and not repeated here)
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry Run-key persistence)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (the API used to redirect a thread's execution; commonly seen in process hollowing and other code injection)
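The signatures above are the sandbox's behavioural verdicts; a responder usually needs to re-derive them from their own host telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own rule logic, that evaluates the listed signatures over a constructed event stream in a simplified schema (reg_read, reg_write, file_read, file_create, process_start, image_load). The registry paths are the standard Windows locations each signature refers to (Geo\Nation for the country code, CurrentVersion\Uninstall for installed software, CurrentVersion\Run for persistence, the Outlook Profiles tree and its 9375CFF0413111d3B88A00104B2A6676 accounts subkey); the wallet file list is illustrative, and the events themselves are made up for a hypothetical process. SetThreadContext is not observable in this kind of telemetry, so that signature is intentionally not reproduced.

```python
"""Re-derive the report's behavioural signatures from host telemetry.

Added example, not part of the sandbox report. Events use a simplified
constructed schema; registry paths are the standard Windows locations for each
check, the wallet-file list is illustrative, and no event here came from the
sample itself.
"""
import re
from collections import defaultdict

# (signature name from the report, event kinds it applies to, pattern over the accessed object)
RULES = [
    ("Checks computer location settings", {"reg_read"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"reg_read"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Adds Run key to start application", {"reg_write"},
     re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    ("Accesses Microsoft Outlook profiles", {"reg_read"},
     re.compile(r"\\Outlook\\Profiles\\", re.I)),
    ("Accesses Microsoft Outlook accounts", {"reg_read"},
     re.compile(r"\\9375CFF0413111d3B88A00104B2A6676\\", re.I)),  # Outlook account-settings subkey
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", {"file_read"},
     re.compile(r"\\(wallet\.dat$|Electrum\\|Bitcoin\\|Litecoin\\|Ethereum\\keystore\\)", re.I)),
]

# Constructed telemetry for one hypothetical process, in execution order.
EVENTS = [
    {"kind": "reg_read", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "reg_read", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "reg_read", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"kind": "reg_read", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
                                   r"\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"kind": "file_read", "target": r"C:\Users\user\AppData\Roaming\Bitcoin\wallet.dat"},
    {"kind": "file_create", "target": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"kind": "process_start", "target": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"kind": "file_create", "target": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"kind": "image_load", "target": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"kind": "reg_write", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"kind": "process_start", "target": r"C:\Windows\System32\notepad.exe"},  # not dropped: no hit
]


def evaluate(events):
    """Return {signature name: [evidence]} for every signature that fires on the stream."""
    hits = defaultdict(list)
    dropped = set()  # paths this process wrote, for the two "dropped" correlations
    for ev in events:
        kind, target = ev["kind"], ev["target"]
        for name, kinds, pattern in RULES:
            if kind in kinds and pattern.search(target):
                hits[name].append(target)
        # Stateful rules: a file the process created is later executed or loaded.
        low = target.lower()
        if kind == "file_create":
            dropped.add(low)
        elif kind == "process_start" and low in dropped:
            hits["Executes dropped EXE"].append(target)
        elif kind == "image_load" and low in dropped:
            hits["Loads dropped DLL"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The two "dropped" signatures are the only ones that need state: they fire only when a file the process itself wrote is subsequently started or mapped, which is why the notepad.exe start at the end produces nothing. Everything else is a stateless match on the object path, which is also how you would port these to a Sysmon or EDR query.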