General
Target: Scan061120153800 jpeg.zip
Size: 372KB
Sample: 240326-28d5nshe9x
MD5: 69b82d5a3f0a3599c3ebe743c986e159
SHA1: c01576679c99727519b47c0d8d3c4b5aabb2d600
SHA256: 921f106e9b6d183cd63cbbf8a2200d1cd518e8efe053b6bd95995a700c7bca5f
SHA512: d9c94c239708eab6a2ecb4d842f57156d0a11f643ef8de8504b8ca079311f1c898cd3dc43fad57b6413db36b5c2c8f3d3608159a20af056d6e53ee8fb65f882e
SSDEEP: 6144:5DY693MQ1Btd9I3ctDvZs6vIhmIFzojskfkUjGS4jS6bwpKED8u0gFPMXoBJZjFw:R993vd99hxxYowdUS/jS6bwB8u0gyXC6
Static task: static1
Behavioral task: behavioral1
Sample: Scan061120153800 jpeg.exe
Resource: win7-20240221-en

Malware Config
Extracted: pony
http://balsamar.org/water/panelnew/gate.php
payload_url: http://balsamar.org/water/panelnew/apply.exe
Targets
Target: Scan061120153800 jpeg.exe
Size: 725KB
MD5: 843be1729904df5c2bcab8f6bc4b7315
SHA1: 319563226281372c3fea52ca8fb78c55a240a3d1
SHA256: f15f2c93d21535d4f4a3b655c97ea26548d67bded9120a53b63718c5228e0eac
SHA512: 4a0c22656708f6e1a6c0bcb01163a0cf58a52df9c2d9add001de15c148f553ac189a62d96df9656fce028912d3836887c188500af069b3fdb51272eb32660802
SSDEEP: 3072:uoInfeSBe8bR6kQ3aFw+uUbZvA/2p9e2EHOm9DWRfWw224SkW2:/m2cJbRFw+ZJ9xm9DWRfGR
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext