General
Target: f7ea603361599bed0b24f771da5b1b01126423d438dab2a1bfc7c7e4f6a1abec
Size: 251KB
Sample: 221128-m2wntadc7s
MD5: 002b4e3fc895582b5efed565ca1ffd2f
SHA1: dc4c15eea157364faa550d10696f2e9c7d475ebc
SHA256: f7ea603361599bed0b24f771da5b1b01126423d438dab2a1bfc7c7e4f6a1abec
SHA512: 30f59b4d31166cd94e7d841f60fb090315aa9926d4bbf57b7f0f2383ef78d3fe6affd6240b6177963a4a124bfc502c16a5d673e79f1b5bc6fabec16eda79c3e5
SSDEEP: 3072:WqAHdiwrVn0+uyoWthZWNwhjKf1CIIjlWmyZa1ZOWTFS4xj3u4NGIkdJ4dDmSt0:WtdY9EWNAjHZxZZOWDxje4E0e
Static task: static1
Behavioral task: behavioral1
Sample: f7ea603361599bed0b24f771da5b1b01126423d438dab2a1bfc7c7e4f6a1abec.exe
Resource: win7-20220901-en
Malware Config
Extracted family: pony
C2 (gate):
http://moskalskiybodun.com/gate.php
http://funnyinvoiceorg.com/gate.php
http://formaterdocstras.com/gate.php
payload_url:
http://dkpconsulting.com/wp-content/plugins/cached_data/bb.exe
http://doc.giovanniborsi.it/wp-content/plugins/cached_data/bb.exe
http://dom660000.ru/wp-content/plugins/cached_data/bb.exe
http://domdobleska.ru/wp-content/plugins/cached_data/bb.exe
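As an added example (not part of the Triage report or of the sandbox's own tooling), the script below turns the extracted config and the sample hashes into a small IOC check: it normalises the gate.php C2 and payload URLs, scans proxy-log lines for exact and host-only hits, and compares a file's hashes with the ones listed in the report. The log format (timestamp, client, method, URL, status) and the log lines themselves are constructed assumptions.

```python
"""Hunt for the indicators in this report: the Pony gate.php C2 endpoints,
the payload URLs, and the sample's file hashes.  Added example, not part of
the sandbox report; the proxy log lines at the bottom are constructed."""
import hashlib
from urllib.parse import urlsplit

# File hashes of the analysed sample, copied from the report.
REPORT_HASHES = {
    "md5": "002b4e3fc895582b5efed565ca1ffd2f",
    "sha1": "dc4c15eea157364faa550d10696f2e9c7d475ebc",
    "sha256": "f7ea603361599bed0b24f771da5b1b01126423d438dab2a1bfc7c7e4f6a1abec",
}

# Extracted Pony config: gate.php C2 endpoints and secondary payload URLs.
C2_GATES = [
    "http://moskalskiybodun.com/gate.php",
    "http://funnyinvoiceorg.com/gate.php",
    "http://formaterdocstras.com/gate.php",
]
PAYLOAD_URLS = [
    "http://dkpconsulting.com/wp-content/plugins/cached_data/bb.exe",
    "http://doc.giovanniborsi.it/wp-content/plugins/cached_data/bb.exe",
    "http://dom660000.ru/wp-content/plugins/cached_data/bb.exe",
    "http://domdobleska.ru/wp-content/plugins/cached_data/bb.exe",
]


def normalise(url):
    """Return (host, path): lowercase host, no port, '/' for an empty path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host, parts.path or "/"


def build_indicators():
    """Map (host, path) -> indicator kind, plus the set of bare hosts."""
    exact = {}
    for url in C2_GATES:
        exact[normalise(url)] = "pony_c2_gate"
    for url in PAYLOAD_URLS:
        exact[normalise(url)] = "pony_payload_url"
    hosts = {host for host, _ in exact}
    return exact, hosts


def scan_proxy_log(lines):
    """Scan 'timestamp client method url status' lines for report IOCs.

    Returns a list of (line_no, verdict, method, host, path).  An exact
    URL match is a high-confidence hit; a known host with a different path
    is reported as 'suspicious_host' so an analyst can review it.
    """
    exact, hosts = build_indicators()
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash the scan
        method, url = fields[2], fields[3]
        host, path = normalise(url)
        if (host, path) in exact:
            hits.append((n, exact[(host, path)], method, host, path))
        elif host in hosts:
            hits.append((n, "suspicious_host", method, host, path))
    return hits


def file_hashes(data):
    """MD5/SHA1/SHA256 of a blob, in the same form as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True only if every hash matches; one mismatch means a different file."""
    return file_hashes(data) == REPORT_HASHES


# Constructed proxy log (assumption, not captured from the sandbox run).
# Pony posts the harvested credentials to gate.php, so the POST on line 2
# is the exfiltration; line 1 is the secondary-payload download.
SAMPLE_LOG = [
    "2022-11-28T10:00:01Z 10.0.0.5 GET http://dkpconsulting.com/wp-content/plugins/cached_data/bb.exe 200",
    "2022-11-28T10:00:04Z 10.0.0.5 POST http://MoskalskiyBodun.com/gate.php 200",
    "2022-11-28T10:00:09Z 10.0.0.7 GET http://funnyinvoiceorg.com/index.html 404",
    "2022-11-28T10:01:00Z 10.0.0.8 GET http://example.com/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Block both lists at the proxy, but hunt on the host-only hits too: the payload paths sit under wp-content/plugins on what look like WordPress installs, and the same host can serve a renamed payload at another path.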
Targets
Target: f7ea603361599bed0b24f771da5b1b01126423d438dab2a1bfc7c7e4f6a1abec (size and hashes as listed under General)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the host.