General
- Target: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5
- Size: 194KB
- Sample: 221124-wmmxssag86
- MD5: 3488f48b13ce7dfb429dc985783ec432
- SHA1: a9d2426102ab7264cdf22e0a22b453e979196919
- SHA256: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5
- SHA512: a58aa9be539c16e64dbd26db4fddc8f2411707a4c19ebc3c1e11619ff52e9310d3bea5cf01e0377e1c9ea3de2062f6b5612e8b61781ecc586c6dd7808dc9f41b
- SSDEEP: 3072:uAFrJ+2f9rAQj16WKkDxyndO62xLtc7AfOGC1K5RB2tHsT:uYd+AAQj0WKkDknwPLJmGCs5HqsT
Static task
- static1

Behavioral task
- behavioral1
  - Sample: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- pony
  - http://saraconnor4you.com/gate.php
  - payload_url:
    - http://www.gt-moebel.de/administrator/templates/system/images/png.exe
    - http://fenster-metallbau-lahntal.de/um-formmailer/templates/png.exe
Targets
- Target: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5
  - Size: 194KB
  - MD5: 3488f48b13ce7dfb429dc985783ec432
  - SHA1: a9d2426102ab7264cdf22e0a22b453e979196919
  - SHA256: e0dbbce3b993e5d2ba90ab13bbe2607e531a424bebba9b6cadcd840efb9c62a5
  - SHA512: a58aa9be539c16e64dbd26db4fddc8f2411707a4c19ebc3c1e11619ff52e9310d3bea5cf01e0377e1c9ea3de2062f6b5612e8b61781ecc586c6dd7808dc9f41b
  - SSDEEP: 3072:uAFrJ+2f9rAQj16WKkDxyndO62xLtc7AfOGC1K5RB2tHsT:uYd+AAQj0WKkDknwPLJmGCs5HqsT

- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.