General
Target: 42b8503d47b564a1366a12b67db662d27f209e6c785eb234e8788cdf65b55726
Size: 513KB
Sample: 241111-1l9sdsxelc
MD5: 8a74c1af5c133e0b74afd23d1d16558c
SHA1: ae685b826bd5f7c231f8d9ee7c94c48eac7fe30b
SHA256: 42b8503d47b564a1366a12b67db662d27f209e6c785eb234e8788cdf65b55726
SHA512: 2a94764784193586444dbd16fb7b8c81f8418d002538c0fb87080abd10188131ba6eff4798846f4b58172a9ce9f0c527dd6bb6fbaa445825e1e4708c0616917f
SSDEEP: 6144:WTfFDbRnOTrA24QS575Xvk6VBiHQLO8IUeErP+k9IMXgXNZ4iIFgRpctuD1MTRAr:U5O74T7RvkQit8jrgBZrMwyTRAZG4av6
Static task: static1
Behavioral task: behavioral1
Sample: 42b8503d47b564a1366a12b67db662d27f209e6c785eb234e8788cdf65b55726.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 42b8503d47b564a1366a12b67db662d27f209e6c785eb234e8788cdf65b55726.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: pony
http://orangefornowsee.webatu.com/yt/gate.php
Targets
- Pony family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext