General
Target: a6adc011444ed48ab6262c5baa629ccb.exe
Size: 715KB
Sample: 230101-nfzn1seg21
MD5: a6adc011444ed48ab6262c5baa629ccb
SHA1: 31dca548f6c624240cff5a87832cac8ddbee606b
SHA256: a10a1ba5f4445a910d14fd72af43f010c503dd08e31ac2c1a84f15e568455115
SHA512: 7a9276737d272d99590a1b0704baea8248b6f9f1cd4da06ba51095b8792499f94258e8a305780da66d7c71bc6a97a6cf69b8d7af39ffe63448d52d4ba7eb61b7
SSDEEP: 12288:1dbp2VMvk8YYUzu+NFoN4mJxKoXmONXcEP30mMHlJfm:1dbFvfYYf+NFVmJELO3wrfm
Static task: static1
Behavioral task: behavioral1
Sample: a6adc011444ed48ab6262c5baa629ccb.exe
Resource: win7-20221111-en
Malware Config
Extracted: pony
http://imadiary.com/blog/panel/gate.php
Targets
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext