General
- Target: cc8a0eed0157b9d81d1f5f78f2bdc70b4d6ea3cb7faedfb7ecdf3d64c8a28990
- Size: 726KB
- Sample: 221125-zrw8tahd9y
- MD5: f70c76e1ea3144c66e5be2279854ef2a
- SHA1: 319a4cb4cdec39e660e0cbdf5d1e0193c48ead4a
- SHA256: cc8a0eed0157b9d81d1f5f78f2bdc70b4d6ea3cb7faedfb7ecdf3d64c8a28990
- SHA512: 8eeee2baf7d174a114f20879a174212b55287bb1ba33514504bf8ca090824012d341269bbbd4380220b63ff287b9839d9876bb296aae78f0aab62d583123b46e
- SSDEEP: 12288:dwx+Xman+qsAjKkakdGZLfgmjhaOiL7e4K8XCqerqla1gp:dwA0AjxFdaDaOiL7e4Kvq1014
Static task: static1
Behavioral task: behavioral1
- Sample: cc8a0eed0157b9d81d1f5f78f2bdc70b4d6ea3cb7faedfb7ecdf3d64c8a28990.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- pony
- http://nextgenintel.ru/frob/po/gate.php
Targets
- Target: cc8a0eed0157b9d81d1f5f78f2bdc70b4d6ea3cb7faedfb7ecdf3d64c8a28990
- Size: 726KB
- MD5: f70c76e1ea3144c66e5be2279854ef2a
- SHA1: 319a4cb4cdec39e660e0cbdf5d1e0193c48ead4a
- SHA256: cc8a0eed0157b9d81d1f5f78f2bdc70b4d6ea3cb7faedfb7ecdf3d64c8a28990
- SHA512: 8eeee2baf7d174a114f20879a174212b55287bb1ba33514504bf8ca090824012d341269bbbd4380220b63ff287b9839d9876bb296aae78f0aab62d583123b46e
- SSDEEP: 12288:dwx+Xman+qsAjKkakdGZLfgmjhaOiL7e4K8XCqerqla1gp:dwA0AjxFdaDaOiL7e4Kvq1014
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext