General
-
Target
5df3145e115ce2c1cd2fbff4546d710186e1709f689f2df1cd239352cd32a3d0.exe
-
Size
17.2MB
-
Sample
220514-q5l6bscdcr
-
MD5
0be2014facaab4f1cb1fec82cda8aadd
-
SHA1
4cbb09439d79051e3f223988c0ff0920546f59fe
-
SHA256
5df3145e115ce2c1cd2fbff4546d710186e1709f689f2df1cd239352cd32a3d0
-
SHA512
7d54b8c061b62cefecdd5111a5a0530c55d78aec019e5d4ff527a7e7ff9afbf03a4ddd62e76ed8be49b0f91cd094dff73e19403f5113b1bb5b68f0b1033c8470
Static task
static1
Behavioral task
behavioral1
Sample
5df3145e115ce2c1cd2fbff4546d710186e1709f689f2df1cd239352cd32a3d0.exe
Resource
win7-20220414-en
Malware Config
Extracted
pony
http://rmsalf.com/dertyui6/ferti67/gate.php
-
payload_url
http://myp0nysite.ru/shit.exe
Targets
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-