General
Target: d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2
Size: 190KB
Sample: 221126-y222daeh5z
MD5: 8a779de1d612b777ac11c168a86be4e2
SHA1: 9c9c134db1639f9afaec8f66ac5d042c97c973c8
SHA256: d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2
SHA512: 01c6231cc8bc08f78e1e4704bd61f5c5d3a79dab1527f2e11f3dcfa8b2e127e7a9ff91b6aea63064f8eba3f35e64e82001e870f7401da28e91db87074a92961f
SSDEEP: 3072:xmc2ABoEk4UAmPA1xI5VBN63V/TGlsPR3s75nyGeeQNH9wd9dI+7gY/bJ6tFLKkL:cc2Adk4qAKBNm5TGlsJ3sRWod9dwYEtG
Static task: static1
Behavioral task: behavioral1
Sample: d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2.exe
Resource: win7-20221111-en
Malware Config
Extracted family: pony
C2:
http://appridefirstcom.com/gate.php
http://forcaltonttof.com/gate.php
http://padetitdidn.com/gate.php
payload_url:
http://oracleq.com/wp-content/plugins/feedweb_data/k1.exe
http://webmobidesign.com/wp-content/plugins/feedweb_data/k1.exe
http://shalomfafrica.com/wp-content/plugins/feedweb_data/k1.exe
Targets
Target: d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2
Size: 190KB
MD5: 8a779de1d612b777ac11c168a86be4e2
SHA1: 9c9c134db1639f9afaec8f66ac5d042c97c973c8
SHA256: d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2
SHA512: 01c6231cc8bc08f78e1e4704bd61f5c5d3a79dab1527f2e11f3dcfa8b2e127e7a9ff91b6aea63064f8eba3f35e64e82001e870f7401da28e91db87074a92961f
SSDEEP: 3072:xmc2ABoEk4UAmPA1xI5VBN63V/TGlsPR3s75nyGeeQNH9wd9dI+7gY/bJ6tFLKkL:cc2Adk4qAKBNm5TGlsJ3sRWod9dwYEtG
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
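The report above is a list of indicators; turning it into something a responder can run against a suspect file or a proxy log is left to the reader. The following Python helper is an added example, not code from the report or from the sandbox vendor. Only the hash values and the C2/payload URLs are taken from the report; the function names, the return labels, the chunked file hashing and the constructed test input are assumptions made for illustration. The `gate.php` endpoints are the family's HTTP check-in, which is why they are matched separately from the `k1.exe` payload URLs.

```python
"""Match a file and HTTP observables against the IOCs listed in this Pony report.

Added example (not part of the sandbox report). Hash values and URLs are copied
from the report; function names and labels are assumed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# Hashes of the sample exactly as listed in the report.
SAMPLE_HASHES = {
    "md5": "8a779de1d612b777ac11c168a86be4e2",
    "sha1": "9c9c134db1639f9afaec8f66ac5d042c97c973c8",
    "sha256": "d83c7bd90c8bb1fceb49459564e5314741cd28afa91277794ed854457863a7b2",
    "sha512": "01c6231cc8bc08f78e1e4704bd61f5c5d3a79dab1527f2e11f3dcfa8b2e127e7"
              "a9ff91b6aea63064f8eba3f35e64e82001e870f7401da28e91db87074a92961f",
}

# Pony C2 gates and payload URLs from the extracted config.
C2_GATES = [
    "http://appridefirstcom.com/gate.php",
    "http://forcaltonttof.com/gate.php",
    "http://padetitdidn.com/gate.php",
]
PAYLOAD_URLS = [
    "http://oracleq.com/wp-content/plugins/feedweb_data/k1.exe",
    "http://webmobidesign.com/wp-content/plugins/feedweb_data/k1.exe",
    "http://shalomfafrica.com/wp-content/plugins/feedweb_data/k1.exe",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file incrementally so large binaries are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(hashes: dict) -> list:
    """Names of the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(
        name for name, digest in hashes.items()
        if name in SAMPLE_HASHES and digest.lower() == SAMPLE_HASHES[name]
    )


def is_known_sample(hashes: dict) -> bool:
    """True only if every algorithm present in the input agrees with the report.

    A partial match (e.g. md5 equal but sha256 different) is a mismatch, not a
    hit: a single weak hash is not trusted on its own, and an empty input
    never matches.
    """
    compared = sorted(name for name in hashes if name in SAMPLE_HASHES)
    return bool(compared) and matching_algorithms(hashes) == compared


def _host_path_pairs(urls: list) -> set:
    """Normalise URLs to (hostname, path) pairs; scheme and port are deliberately dropped."""
    return {(urlparse(u).hostname.lower(), urlparse(u).path) for u in urls}


def network_indicators() -> dict:
    """Split the config URLs into host and path lists for DNS/proxy blocklists."""
    c2, payload = _host_path_pairs(C2_GATES), _host_path_pairs(PAYLOAD_URLS)
    return {
        "c2_hosts": sorted({h for h, _ in c2}),
        "c2_paths": sorted({p for _, p in c2}),
        "payload_hosts": sorted({h for h, _ in payload}),
        "payload_paths": sorted({p for _, p in payload}),
    }


def classify_http_request(host: str, path: str) -> str:
    """Label an observed HTTP request from a proxy log.

    Exact (host, path) matches get a strong label; a request to one of the
    config hosts with another path is still flagged, but as host-only evidence.
    Host comparison is case-insensitive and ignores a trailing dot.
    """
    host = host.lower().rstrip(".")
    if (host, path) in _host_path_pairs(C2_GATES):
        return "pony-c2-gate"
    if (host, path) in _host_path_pairs(PAYLOAD_URLS):
        return "pony-payload-download"
    ind = network_indicators()
    if host in ind["c2_hosts"] or host in ind["payload_hosts"]:
        return "known-bad-host"
    return "none"
```

`hash_file` is the function to point at a quarantined binary; `is_known_sample` deliberately refuses a file that matches on MD5 alone, because MD5 collisions are cheap and the stronger digests in the report are what should decide a hit.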