General
- Target: a586cf618d1be4f71d3e5c10678aed17b92b38cece889956beb0d20b9a88b2f3
- Size: 348KB
- Sample: 221128-nwjbzabb48
- MD5: c259e9438ef53e09d715f96cfef65d8b
- SHA1: 61a668fe778894f12db50b80ed04ecd41342167b
- SHA256: a586cf618d1be4f71d3e5c10678aed17b92b38cece889956beb0d20b9a88b2f3
- SHA512: 63af6692986ed583d5e343afbf8679367eca904dbf208937fdc68143f189dc533d30ea46189c38efbe2ac72be5153406c8b4118414749afdd9ca9bf44537d9da
- SSDEEP: 3072:+b3jvu3gMxw9dmWhoBlZq2jQwEgsNdQ5V/2p6qRHXT4/4qx/dfQubuOElB8R6Zm3:yju3gMxwDoBlQ2blV//qlKTbEl6O
Static task
- static1
Behavioral task
- behavioral1
- Sample: a586cf618d1be4f71d3e5c10678aed17b92b38cece889956beb0d20b9a88b2f3.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- pony
  http://invoiceseclib.com/gate.php
  http://fastdrozdfund.com/gate.php
  http://ferginestor.com/gate.php
  http://gmosnbae.com/gate.php
- payload_url
  http://carbona.co.il/wp-content/plugins/cached_data/pg.exe
  http://cardissimo.co.uk/wp-content/plugins/cached_data/pg.exe
  http://castamon.com/wp-content/plugins/cached_data/pg.exe
  http://miamienlamira.com/ads/pg.exe
Targets
- Target: a586cf618d1be4f71d3e5c10678aed17b92b38cece889956beb0d20b9a88b2f3
- Size: 348KB
- MD5: c259e9438ef53e09d715f96cfef65d8b
- SHA1: 61a668fe778894f12db50b80ed04ecd41342167b
- SHA256: a586cf618d1be4f71d3e5c10678aed17b92b38cece889956beb0d20b9a88b2f3
- SHA512: 63af6692986ed583d5e343afbf8679367eca904dbf208937fdc68143f189dc533d30ea46189c38efbe2ac72be5153406c8b4118414749afdd9ca9bf44537d9da
- SSDEEP: 3072:+b3jvu3gMxw9dmWhoBlZq2jQwEgsNdQ5V/2p6qRHXT4/4qx/dfQubuOElB8R6Zm3:yju3gMxwDoBlQ2blV//qlKTbEl6O
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
-