General
Target: 64d0a4b09f0b5ca8468eca2df0c00326add152414dca23e028fadfa7302a65b2
Size: 244KB
Sample: 221128-nkmj9aee9s
MD5: cf164f12ed2851b1ef80b88b7fb16021
SHA1: ec141ca587f88822cc138c2a2835e6eb596c3c3b
SHA256: 64d0a4b09f0b5ca8468eca2df0c00326add152414dca23e028fadfa7302a65b2
SHA512: b0155451eec2f877b7de1e3ddaa35035ea0932d0e45429f44a05540fd94ade0f09241e496e23d6ce11977b6735b70ba8933fc7c87810efc6678cf9283e149399
SSDEEP: 3072:PZC6QlOTr39Q/YeY/pZYIMyP4Cz4rzxbEgrWNC93M5oLpJeGVTbmELx4dXPnamTP:PM6QAHNmY9My4CKenCkoLptL+5PMq
Static task: static1
Behavioral task: behavioral1
Sample: 64d0a4b09f0b5ca8468eca2df0c00326add152414dca23e028fadfa7302a65b2.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://ireqinvoiceparm.com/gate.php
http://manydocsfastrack.com/gate.php
http://invoiceformater.com/gate.php
payload_url
Targets
Target: 64d0a4b09f0b5ca8468eca2df0c00326add152414dca23e028fadfa7302a65b2
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.