General

Target: 506ac65c9f34f90eb3717bbac0dcbb06b647dca8472296bc97e25378b993bd6a
Size: 208KB
Sample: 221127-qdyp2sab88
MD5: defb4cda11dd54702eb9d02149fb1f67
SHA1: 4d4720064ef3a0b0f871bde8becd7148823aa210
SHA256: 506ac65c9f34f90eb3717bbac0dcbb06b647dca8472296bc97e25378b993bd6a
SHA512: e3b687865139f038952b22b5f262f72e66bb1df2a32665f0fef4f8419cb4fa0279644c3d3d34754bb72691408e3a5951673951c155ffa2917dd18ce230b37c35
SSDEEP: 3072:oU+8ZmPF6eFvOzie6NQHbO3wo+9qVYUCj4ra:Z+qFUNA473CjZ

Static task: static1
Behavioral task: behavioral1
Sample: 506ac65c9f34f90eb3717bbac0dcbb06b647dca8472296bc97e25378b993bd6a.exe
Resource: win7-20220812-en

Malware Config
Extracted
pony
http://54.178.140.122:8080/imageslib/upload.php
http://84.40.2.227:8080/imageslib/upload.php
http://89.107.184.219:8080/imageslib/upload.php
http://46.105.102.76:8080/imageslib/upload.php
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.