General
-
Target
900-67-0x0000000000400000-0x000000000041C000-memory.dmp
-
Size
112KB
-
MD5
1d1ced4f8fd59573842961ffd17a3632
-
SHA1
9489edce0fe411833415ea1e2ffd708e8a466960
-
SHA256
3e458e05c9d729a73e1aeb88d426d9ae3b31e0de55733cc3e418fb25e0ec3bff
-
SHA512
3b2a3bb8845849fca6e5a4a128626547e2ced370454c46f81f334bbfec899904f6210331a075eefb2e764e6fd6e5bc8b1618e0962e413c1bfd310b2d9fe12cbe
-
SSDEEP
1536:vQ/gC6ZjmJQ8FqT/L1Ma7hM4sAJF+RpQk7v78TPAc7IRO32JTvREoTkzZFlz:vQ/Zpu/thJVF+Rp/PAPIOSEocFlz
Score
10/10
Malware Config
Extracted
Family
pony
C2
http://ranmabo.tk/no/gate.php
Attributes
-
payload_url
http://magic-skid.com/shit.exe
http://skid.com/calculator.exe
Signatures
-
Pony family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
900-67-0x0000000000400000-0x000000000041C000-memory.dmp
Headers
Sections