General
- Target: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9
- Size: 278KB
- Sample: 221125-3n412afc57
- MD5: d0326f8847dd8b0f85da7c203742773b
- SHA1: 8dafd88fd807b74a88792ad3878ffec3504c6539
- SHA256: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9
- SHA512: 0a2eee9d57dcce253c41b6ef7ee92772d5166782e8f9dcbac9570f2c758b55b95d27f0247653e56d7e97cfb14b1b5aef193a7c230507228de61fb0289ea69deb
- SSDEEP: 6144:KQPqT46Et9e0OjlKZbc+TsGoN3gnLapsG6Q2zF2eXNiA:K4zVI0fce4M66hPNi
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9.exe
  - Resource: win7-20220901-en
- Behavioral task: behavioral2
  - Sample: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted family: pony
- C2: http://91.220.163.21/pony2/gate.php
Targets
- Target: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9
- Size: 278KB
- MD5: d0326f8847dd8b0f85da7c203742773b
- SHA1: 8dafd88fd807b74a88792ad3878ffec3504c6539
- SHA256: 9b7fb8ee9e212cf92292c0a71df21e9558201bc8b53cf994279d091ddc4b47e9
- SHA512: 0a2eee9d57dcce253c41b6ef7ee92772d5166782e8f9dcbac9570f2c758b55b95d27f0247653e56d7e97cfb14b1b5aef193a7c230507228de61fb0289ea69deb
- SSDEEP: 6144:KQPqT46Et9e0OjlKZbc+TsGoN3gnLapsG6Q2zF2eXNiA:K4zVI0fce4M66hPNi
- Score: 10/10

Signatures
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext