General
-
Target
90857805c139b3acea91fe38a49db3a50281d2f9e6f1f3af63770736225f44be
-
Size
175KB
-
Sample
221128-m2xacaha92
-
MD5
f5398dfb74426c0499f304a82b60b4a2
-
SHA1
eba64c316f798902fe007fc3b87392621d6129eb
-
SHA256
90857805c139b3acea91fe38a49db3a50281d2f9e6f1f3af63770736225f44be
-
SHA512
6b91b63976a496ce0961b4f9dcd673ed1a079f2af024f8d19c98001161b34b9ff2c2877354ae30d2dd710e7ab22306c0810e70baae6ebcf91c705f19418a5ff9
-
SSDEEP
3072:0zuyDUVOpihyZEw3Q9jyLeMPlZHFmxRo1yzGco8uhMPZ:0zuyYVlhyewA9eLeMfFYRo1c+S
Static task
static1
Behavioral task
behavioral1
Sample
90857805c139b3acea91fe38a49db3a50281d2f9e6f1f3af63770736225f44be.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://moskalskiybodun.com/gate.php
http://funnyinvoiceorg.com/gate.php
http://formaterdocstras.com/gate.php
-
payload_url
http://dkpconsulting.com/wp-content/plugins/cached_data/bb.exe
http://doc.giovanniborsi.it/wp-content/plugins/cached_data/bb.exe
http://dom660000.ru/wp-content/plugins/cached_data/bb.exe
http://domdobleska.ru/wp-content/plugins/cached_data/bb.exe
Targets
-
-
Target
90857805c139b3acea91fe38a49db3a50281d2f9e6f1f3af63770736225f44be
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-