General
-
Target
8817f89fedacd9663cc3ef67a4ac0055dac9eba8fcc8269b9610703848955aef
-
Size
2.2MB
-
Sample
240630-3wxa6asgpk
-
MD5
afd00a67178365a37a5518e58d1ea92b
-
SHA1
92b732c91cd7d99bd4485485e50dea09d590bb90
-
SHA256
8817f89fedacd9663cc3ef67a4ac0055dac9eba8fcc8269b9610703848955aef
-
SHA512
f66513c333d8e6ac9b2570340783bea86ca6bc43c1e2e9cb45be89fa7e28bd58de1b72a457890c0df15ca206d1d7650361e8a926cf4a1d1275ee5cd18fcf1fcc
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZc:0UzeyQMS4DqodCnoe+iitjWww4
Behavioral task
behavioral1
Sample
8817f89fedacd9663cc3ef67a4ac0055dac9eba8fcc8269b9610703848955aef.exe
Resource
win7-20240611-en
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Targets
-
-
Target
8817f89fedacd9663cc3ef67a4ac0055dac9eba8fcc8269b9610703848955aef
-
Size
2.2MB
-
MD5
afd00a67178365a37a5518e58d1ea92b
-
SHA1
92b732c91cd7d99bd4485485e50dea09d590bb90
-
SHA256
8817f89fedacd9663cc3ef67a4ac0055dac9eba8fcc8269b9610703848955aef
-
SHA512
f66513c333d8e6ac9b2570340783bea86ca6bc43c1e2e9cb45be89fa7e28bd58de1b72a457890c0df15ca206d1d7650361e8a926cf4a1d1275ee5cd18fcf1fcc
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZc:0UzeyQMS4DqodCnoe+iitjWww4
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Active Setup
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Active Setup
1