General
- Target: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca.exe
- Size: 44KB
- Sample: 220514-q5lvkaaad2
- MD5: d11e1238b19806645ff3400ce58a034b
- SHA1: 12398dcd10fe96efbf6d9bde4c3a9578e79be24a
- SHA256: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca
- SHA512: d045485fb575817d4152e8d0e2ce1d920f0ad4f993c2e605d1cb4473edfea93d0b0e5fb3e7a4a23dc8278ffcc2ea13b267d9cfd675d9643067c16de12513d2e5

Static task: static1

Behavioral task: behavioral1
- Sample: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca.exe
- Resource: win10v2004-20220414-en

Malware Config
- Extracted: pony
- http://clamprite.ga/bryan/vtx.php

Targets
- Target: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca.exe
  - Size: 44KB
  - MD5: d11e1238b19806645ff3400ce58a034b
  - SHA1: 12398dcd10fe96efbf6d9bde4c3a9578e79be24a
  - SHA256: 6d5c1035e3e7960fcbe640e6f2622078148c1373033488070b67fa04db29f6ca
  - SHA512: d045485fb575817d4152e8d0e2ce1d920f0ad4f993c2e605d1cb4473edfea93d0b0e5fb3e7a4a23dc8278ffcc2ea13b267d9cfd675d9643067c16de12513d2e5
  - Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Accesses Microsoft Outlook accounts
  - Accesses Microsoft Outlook profiles
  - Adds Run key to start application
  - Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext