General
- Target: 9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a
- Size: 266KB
- Sample: 221128-pp388sch99
- MD5: c00ecccc3b1f56d4b832228780fbb6e6
- SHA1: 0819ddaa519b8765dec247cc5c0a927917862e4a
- SHA256: 9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a
- SHA512: f12d18775048d0bacf066c22c9ae7dc1a6af273a9bbf0c67f7edff10e7eb3b26ac27f7a8f76561a578c400e3726d5dd4c011b91f776259bd590ff7c0ae714a28
- SSDEEP: 3072:22edmL7QpK1KxIYxNxMuM8JpSeT9v9syY0aqNFIk7bTLZLMIV1zHP+NcYUCj4ra:LeMLWAK/RMurplVnUqNuA26b8eCjZ
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a.exe
  - Resource: win7-20220812-en
Malware Config
Extracted
- pony
  - http://faststornet.com/gate.php
  - http://nestorganje.com/gate.php
  - http://ferginestor.com/gate.php
- payload_url
  - http://valerunners.com/wp-content/m1g.exe
  - http://cbearmusic.com/wp-content/plugins/cached_data/m1g.exe
  - http://cedecat.com/wp-content/plugins/cached_data/m1g.exe
  - http://centraljerseyjointandspine.com/wp-content/plugins/cached_data/m1g.exe
Targets
- Target: 9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a
- Size: 266KB
- MD5: c00ecccc3b1f56d4b832228780fbb6e6
- SHA1: 0819ddaa519b8765dec247cc5c0a927917862e4a
- SHA256: 9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a
- SHA512: f12d18775048d0bacf066c22c9ae7dc1a6af273a9bbf0c67f7edff10e7eb3b26ac27f7a8f76561a578c400e3726d5dd4c011b91f776259bd590ff7c0ae714a28
- SSDEEP: 3072:22edmL7QpK1KxIYxNxMuM8JpSeT9v9syY0aqNFIk7bTLZLMIV1zHP+NcYUCj4ra:LeMLWAK/RMurplVnUqNuA26b8eCjZ
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.