General
- Target: 1031a5748f30f5a76631954563a78fc6cd2fee90caf4ea99f3274486b2e59bcf
- Size: 90KB
- Sample: 221125-z5gehsaf41
- MD5: b486dd63270590fd68f1142e89ae2a8b
- SHA1: 2e469af3523d79bef9cfe54968582b415cf1c90d
- SHA256: 1031a5748f30f5a76631954563a78fc6cd2fee90caf4ea99f3274486b2e59bcf
- SHA512: 08de1e0a1ae69dd1ee3ada1eaa1ead23b5bab6862165d9f7882c39c408fb76ed61ba758d47bb9a12411db4f1d8fa1830fffac3c88ae7e89bfd37fef2ea2a49cd
- SSDEEP: 1536:t6fjjCd2Wq2OnudO79ocgUI8FbhmJwNAOAWVbNpBNi7c+LJD:0jCEEOnusScpzmqXV3Ni7cU
Static task: static1
Behavioral task: behavioral1
- Sample: 1031a5748f30f5a76631954563a78fc6cd2fee90caf4ea99f3274486b2e59bcf.exe
- Resource: win7-20220812-en
Malware Config
- Extracted: pony
- http://nextgenintel.ru/raul/OpdMkfen/gate.php
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext