General
Target: 77b12f3c3cd2e2239e9a6a70805a9219673cd10886c29389b28e650d0f40fcef
Size: 169KB
Sample: 221128-snretsgg9v
MD5: 9e446a1096ad85b7fbc6d7c7389c5edc
SHA1: 888b37bae469c8aa49ce4dcf74eca5288f9dab6e
SHA256: 77b12f3c3cd2e2239e9a6a70805a9219673cd10886c29389b28e650d0f40fcef
SHA512: 728316ea14e3fd3919c81aec5ee10b6ccd2189ecf83962508c2aed80b6634388dfe9ca5d3f59a55f8ff8f53086fdd0f5c7674267c3a6448fd92580f8806944d5
SSDEEP: 3072:TMPmyvvjQ20oKyPtKx+jo8kIUBz6/yBwfyiKOuxNJD//dm:8vk2BN1loZIUV6//XKxHI
Static task: static1
Behavioral task: behavioral1
Sample: 77b12f3c3cd2e2239e9a6a70805a9219673cd10886c29389b28e650d0f40fcef.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://1.softinstall.xyz/skysteal/skygate.php
Targets
Target: 77b12f3c3cd2e2239e9a6a70805a9219673cd10886c29389b28e650d0f40fcef (169KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext