General
Target: 94fdaa6906dc8ce6ea2f333490e1932085f45b12aa248fb4268b144ba36f84f9
Size: 553KB
Sample: 221128-lex3pacf66
MD5: b9771d79accc57f136f3d18c92d9fbf7
SHA1: 31985c9bebf5bc14662b20f39764452acc196b6b
SHA256: 94fdaa6906dc8ce6ea2f333490e1932085f45b12aa248fb4268b144ba36f84f9
SHA512: d5a09b5e00b2eab8351470eccfa59e8f3efad0b770366f389e867f724a4665d377e3d6ddf3581f4c7993367e29ff24258c8df2ffea1a583fd35406fbd5f89b9d
SSDEEP: 6144:ZzXwjHej0s2wYB3gvtMew0ODzUHUvRSIC2IHPXWC3noNojSuZwn:Z7wG0s2wYB3gvtl6oHUvRS5Lv3oNISMQ
Static task: static1
Behavioral task: behavioral1
Sample: 94fdaa6906dc8ce6ea2f333490e1932085f45b12aa248fb4268b144ba36f84f9.exe
Resource: win7-20221111-en

Malware Config
Extracted (pony): http://intelifin.com/hcl/gate.php
Targets
Target: 94fdaa6906dc8ce6ea2f333490e1932085f45b12aa248fb4268b144ba36f84f9 (553KB; same sample as above, MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext