General
-
Target
2bbb6cf3893979eb0975a77435deae8c284daf889648a3cee78b086535f67ce6
-
Size
96KB
-
Sample
221128-g64bkagc7t
-
MD5
349f4acb47e9ab81a7ebf2bfdd0f4554
-
SHA1
91c44f795a16d5c736b157e2e1708f4629fa036b
-
SHA256
2bbb6cf3893979eb0975a77435deae8c284daf889648a3cee78b086535f67ce6
-
SHA512
ece211dc7adfbabc45637f890ff8b4f68d7dee045c76caf4343332089cdcfd9f8f0d6248ac1b1cc474857058d2c2804d5b7c5b08c3d7d7a9dca37be2361b82bb
-
SSDEEP
1536:fFkpW/MdanFqrE85DnHY8omqIujEQxlqFoqJf0BqV2vppkbayS87IezU:f2wn4/D4nI4251nV2vhypzU
Static task
static1
Behavioral task
behavioral1
Sample
2bbb6cf3893979eb0975a77435deae8c284daf889648a3cee78b086535f67ce6.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://ocvitcamap.com/administrator/lib/cheapoakley.php
http://spark-leds.com/upload/images/images.php
http://sapacmold.com/img/t/t.php
http://www.ubikate.mx/wp-includes/images/images.php
http://www.ebouw.nl/wp-includes/pomo/pomo.php
http://www.getserved.nl/wp-content/themes/themes.php
http://www.multiposting.nl/wp-includes/theme-compat/ips_kernel.php
Targets
-
-
Target
2bbb6cf3893979eb0975a77435deae8c284daf889648a3cee78b086535f67ce6
-
Size
96KB
-
MD5
349f4acb47e9ab81a7ebf2bfdd0f4554
-
SHA1
91c44f795a16d5c736b157e2e1708f4629fa036b
-
SHA256
2bbb6cf3893979eb0975a77435deae8c284daf889648a3cee78b086535f67ce6
-
SHA512
ece211dc7adfbabc45637f890ff8b4f68d7dee045c76caf4343332089cdcfd9f8f0d6248ac1b1cc474857058d2c2804d5b7c5b08c3d7d7a9dca37be2361b82bb
-
SSDEEP
1536:fFkpW/MdanFqrE85DnHY8omqIujEQxlqFoqJf0BqV2vppkbayS87IezU:f2wn4/D4nI4251nV2vhypzU
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-