General
Target: fa56997241374c1642e537fad8f447bf42821545a13799ac9595e59399ac5f84.exe
Size: 388KB
Sample: 220514-q5lvkacdcm
MD5: b58eb4671823a88610c20e907c5a6841
SHA1: e98ccb390845fe4b37efa8da06bde419774a6773
SHA256: fa56997241374c1642e537fad8f447bf42821545a13799ac9595e59399ac5f84
SHA512: 94cbcaed18b039673868f5bcd3d3f7c77fba217c829b975735ce80ef1b2f09338f33334bfc3bd0f61049eaab242b7aba728c2a0b6028676e532f0a9454061063
Static task: static1
Behavioral task: behavioral1
Sample: fa56997241374c1642e537fad8f447bf42821545a13799ac9595e59399ac5f84.exe
Resource: win7-20220414-en
Malware Config
Extracted
pony
http://nowahost.ru/sprygin.ru/inc/gate.php
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.