General
- Target: 73f67fb17b849e5b752dbecb63d0e7ef93bc43a8778a542b6f955beeccea3411
- Size: 175KB
- Sample: 221128-nwhqfafd5s
- MD5: f21072077e88c74b9b6d67f81ae63d84
- SHA1: 74a586abad423af4d969a0064248075ffbc3b3bf
- SHA256: 73f67fb17b849e5b752dbecb63d0e7ef93bc43a8778a542b6f955beeccea3411
- SHA512: 33802cd40241a527f88fade44f1d29f4db8ef4376ef6a6c82f4049793f4dce4c5950b1fb7e9afadcccb8dd3fa535b9513a0ea22c91694d478f90760556249c61
- SSDEEP: 3072:I8+sP9btvhlPygwgVdhmrMG1qKSR0HhmsYY4Jv0OnuzNrc5o1cjk+Wo:IiP9bhHxvvmrMmSR0Hx4JcKuzKucQo
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 73f67fb17b849e5b752dbecb63d0e7ef93bc43a8778a542b6f955beeccea3411.exe
- Resource: win7-20221111-en
Malware Config
Extracted family: pony
- http://docscountry.com/gate.php
- http://sampledocstrash.com/gate.php
- http://manterinvoice.com/gate.php
payload_url:
- http://dev.mariocorp.com/wp-content/plugins/cached_data/w1.exe
- http://dev.wbiz.it/wp-content/plugins/cached_data/w1.exe
- http://diamondnailsvalpo.com/wp-content/plugins/cached_data/w1.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.