General

  • Target: 848-63-0x0000000000400000-0x000000000041C000-memory.dmp
  • Size: 112KB
  • MD5: 8d47402ed5f138c8c491b9066bedcb1b
  • SHA1: 555500834f6423547ab2ed8c85edc0afc8c7dd8b
  • SHA256: 2db9142262bc961e5db22aa3891c2e64b2e173d2f96ebf28f88ad7e5eaab4160
  • SHA512: 26eec58c90f19e0b22356b7b3e4f9b884d262aff4929fea96ac6ee47ec2ec59f22739ded95ee7986f593bc13b6df7550c1c183822498f735c4014d7359cec947
  • SSDEEP: 1536:ugoSobQx8qTUEzm9i4y9XKMA/8taZCgODtsQpTvpE43kzmSezhL:udSoATm9y9XuUgORssE4nSezN

Score
10/10

Malware Config

Extracted

  • Family: pony
  • C2: http://al-shifaa.com/agama/gate.php
  • Attributes
    • payload_url: http://stan321.com/shit.exe

Signatures

  • Pony family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified UPX open-source packer.

Files

  • 848-63-0x0000000000400000-0x000000000041C000-memory.dmp
    .exe windows x86
