General

Target: d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d
Size: 156KB
Sample: 221126-a894kadg9y
MD5: fbd6e10afe8c8ff5f620fabcf9c3ecb9
SHA1: a42200d352eb648a0298e52b4e1c227a71ea762e
SHA256: d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d
SHA512: c6efeadb2eb7a46ed1d38b735f8098822e0a81d716dc33471924dc7716299d1f23e8f6ea35da8104c319e823ffe560af658fa5f24cc85273076b086ec8421015
SSDEEP: 3072:uDc95K4yZ0biYZR6c7OS6mBMzFOaLF/lPIN4Ub09Q:uIK4yqbjnEmBtaJdPO4Ub0
Static task: static1
Behavioral task: behavioral1
Sample: d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d.exe
Resource: win7-20220812-en
Malware Config

Extracted family: pony
C2 URLs:
- http://www.powerturk.rocks/web/gate.php
- http://www.powerturk.rocks/webd/gate.php
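The extracted config gives two C2 gate URLs and the General section gives the file hashes; the following is an added example (not part of the sandbox report or the Pony code) of turning both into something a responder can run against their own data. The proxy log lines and their format ("timestamp client method url status") are constructed for the example; hosts are matched case-insensitively with ports and query strings stripped, so a hit on the bare host without the gate path is reported separately from a hit on the gate endpoint itself.

```python
"""Match web-proxy log lines and candidate files against the indicators in
this report. Added example; the log lines below are constructed, not from
the sandbox run."""
import hashlib
from urllib.parse import urlsplit

# C2 gate URLs from the report's Malware Config section.
PONY_C2_URLS = [
    "http://www.powerturk.rocks/web/gate.php",
    "http://www.powerturk.rocks/webd/gate.php",
]

# File hashes from the report's General section.
REPORT_HASHES = {
    "md5": "fbd6e10afe8c8ff5f620fabcf9c3ecb9",
    "sha1": "a42200d352eb648a0298e52b4e1c227a71ea762e",
    "sha256": "d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d",
    "sha512": "c6efeadb2eb7a46ed1d38b735f8098822e0a81d716dc33471924dc7716299d1f"
              "23e8f6ea35da8104c319e823ffe560af658fa5f24cc85273076b086ec8421015",
}


def normalize(url):
    """Lower-case host without port, path without query string."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


C2_ENDPOINTS = {normalize(u) for u in PONY_C2_URLS}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}


def classify(url):
    """'c2-gate' for an exact gate endpoint, 'c2-host' for any other
    request to the C2 host, None otherwise."""
    host, path = normalize(url)
    if (host, path) in C2_ENDPOINTS:
        return "c2-gate"
    if host in C2_HOSTS:
        return "c2-host"
    return None


# Constructed proxy log: "<unix ts> <client ip> <method> <url> <status>".
SAMPLE_LOG = [
    "1669420801.031 10.0.0.5 GET http://www.microsoft.com/ 200",
    "1669420802.214 10.0.0.5 POST http://www.powerturk.rocks/web/gate.php 200",
    "1669420803.009 10.0.0.7 GET HTTP://WWW.POWERTURK.ROCKS:80/webd/gate.php?x=1 200",
    "1669420804.550 10.0.0.9 GET http://www.powerturk.rocks/favicon.ico 404",
    "1669420805.100 10.0.0.5 GET http://example.com/web/gate.php 200",
]


def scan_log(lines):
    """Return (line_no, client_ip, verdict, url) for every line that hits.
    The path alone is not enough: /web/gate.php on another host is ignored."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash
        verdict = classify(fields[3])
        if verdict:
            hits.append((n, fields[1], verdict, fields[3]))
    return hits


def report_hash_matches(data):
    """Which of the report's hashes a candidate file's bytes reproduce."""
    return {alg for alg, want in REPORT_HASHES.items()
            if hashlib.new(alg, data).hexdigest() == want}


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(report_hash_matches(b"not the sample"))
```

Matching on the host plus the exact gate path avoids false positives from the generic `gate.php` filename on unrelated sites, while the `c2-host` verdict still surfaces hosts that are worth a second look even when the request is not a check-in.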
Targets

Target: d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d
Size: 156KB
MD5: fbd6e10afe8c8ff5f620fabcf9c3ecb9
SHA1: a42200d352eb648a0298e52b4e1c227a71ea762e
SHA256: d61ff62936724a5040e11ba0ee983a9dc5df130e7d20ac17d123e1b7434a364d
SHA512: c6efeadb2eb7a46ed1d38b735f8098822e0a81d716dc33471924dc7716299d1f23e8f6ea35da8104c319e823ffe560af658fa5f24cc85273076b086ec8421015
SSDEEP: 3072:uDc95K4yZ0biYZR6c7OS6mBMzFOaLF/lPIN4Ub09Q:uIK4yqbjnEmBtaJdPO4Ub0
Signatures

- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
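Two of the signatures above are behavioural rather than file-based: enumerating the registry Uninstall key, and calling SetThreadContext, which sandboxes flag because it is the step in process hollowing where a suspended child's entry point is redirected into injected code. The following is an added example (not the sandbox's own signature logic and not a record of what this sample did) of how those two behaviours can be detected from an API-call trace. The trace format ("pid api argument summary") and the trace lines are constructed; the hollowing rule deliberately requires the whole chain (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that child, then SetThreadContext) so that a lone SetThreadContext, which debuggers and some runtimes use legitimately, is not reported.

```python
"""Flag Uninstall-key enumeration and SetThreadContext-on-suspended-child
in a per-process API-call trace. Added example; trace lines are constructed."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit in CreateProcess*

# HKLM or HKCU, with or without the Wow6432Node redirection, key itself or a subkey.
UNINSTALL_RE = re.compile(
    r"\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(?:\\|$)",
    re.IGNORECASE,
)
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")
FLAGS_RE = re.compile(r"flags=(0x[0-9a-f]+)", re.IGNORECASE)

# Constructed trace: "<pid> <api> <argument summary>", one call per line.
# pid 1120 walks the Uninstall key and then hollows a suspended child;
# pid 3300 calls SetThreadContext without the rest of the chain.
TRACE = [
    "1120 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1120 RegEnumKeyExW index=0",
    "1120 RegEnumKeyExW index=1",
    "1120 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1120 CreateProcessW C:\\Windows\\System32\\svchost.exe flags=0x4",
    "1120 NtUnmapViewOfSection pid=2044",
    "1120 VirtualAllocEx pid=2044 size=0x26000",
    "1120 WriteProcessMemory pid=2044",
    "1120 SetThreadContext tid=2048",
    "1120 ResumeThread tid=2048",
    "3300 CreateProcessW C:\\Windows\\System32\\notepad.exe flags=0x0",
    "3300 SetThreadContext tid=3304",
]


def parse(lines):
    """Yield (pid, api, args); lines that do not fit the format are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def flag(trace):
    """Return {pid: [finding, ...]} in the order each finding first fires."""
    state = defaultdict(lambda: {"uninst": False, "suspended": False, "written": False})
    findings = defaultdict(list)

    def add(pid, name):
        if name not in findings[pid]:
            findings[pid].append(name)

    for pid, api, args in parse(trace):
        s = state[pid]
        if api in ("RegOpenKeyExW", "RegOpenKeyExA") and UNINSTALL_RE.search(args):
            s["uninst"] = True                     # handle to the Uninstall key is open
        elif api in ("RegEnumKeyExW", "RegEnumKeyExA") and s["uninst"]:
            add(pid, "enumerates-installed-software")
        elif api in ("CreateProcessW", "CreateProcessA"):
            m = FLAGS_RE.search(args)
            flags = int(m.group(1), 16) if m else 0
            s["suspended"] = bool(flags & CREATE_SUSPENDED)
            s["written"] = False                   # new child, reset the chain
        elif api == "WriteProcessMemory" and s["suspended"]:
            s["written"] = True                    # payload copied into the child
        elif api == "SetThreadContext" and s["suspended"] and s["written"]:
            add(pid, "setthreadcontext-on-hollowed-child")
    return dict(findings)


if __name__ == "__main__":
    for pid, names in flag(TRACE).items():
        print(pid, ", ".join(names))
```

Registry reads are not logged by Sysmon, so the Uninstall-key rule only works on an API trace from a sandbox or an EDR that hooks the registry APIs; the hollowing rule can also be expressed over Sysmon events 1 and 8 if the trace is not available, but without the CreateProcess flags it loses the CREATE_SUSPENDED precondition.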