General
-
Target
7d68fe3251330739fdac268f37bc3fd193f95e741919ea2dfd214387f719b682
-
Size
399KB
-
Sample
221127-q9jk1agb2s
-
MD5
b6a5104a3e9d1acf34d8a650f0fbf109
-
SHA1
8a7e98818f1b0bf704895c93e9b60e2107cbec30
-
SHA256
7d68fe3251330739fdac268f37bc3fd193f95e741919ea2dfd214387f719b682
-
SHA512
9d96c03411591b72f3a44226f91e1cde668e7bc03b5069a99aa5210d21385650fbf5a8b6b152349a568cbfdb8b52c2fce4a3f29993e8d350b3012c686742ab4f
-
SSDEEP
12288:ieTEE97kJ2twENPuHc2Z6YDpbSn6Gd4L/:hEEA2jF2VbS6GGL
Static task
static1
Behavioral task
behavioral1
Sample
7d68fe3251330739fdac268f37bc3fd193f95e741919ea2dfd214387f719b682.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://mystoredoc.com/gate.php
http://sestoreinv.com/gate.php
http://menstoreins.com/gate.php
-
payload_url
http://debtcollectionlaw.net/wp-content/plugins/cached_data/m3.exe
http://delpuerto.com.br/wp-content/plugins/cached_data/m3.exe
http://dentaltechnik-obert.de/wp-content/plugins/cached_data/m3.exe
Targets
-
Target
7d68fe3251330739fdac268f37bc3fd193f95e741919ea2dfd214387f719b682
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-