General
Target
d34e77e4ce22e3ff14c6900e225e118c5cdec91f3fb178822ec1e45da912eb4e
Size
874KB
Sample
220521-psfbksfhf5
MD5
8cd6e520a7c1e654d28a8a1cc48055a8
SHA1
3ed3a058819a79474ece83a5407cd9c02eb411eb
SHA256
d34e77e4ce22e3ff14c6900e225e118c5cdec91f3fb178822ec1e45da912eb4e
SHA512
ad0b66c386b77f632c4afcc5014ace3e135aad08936cae32d19b3ed06ed45df53e082ea154520e0457d492dab4ea0ce262ed7c1a6b1066339db81d59373d67bc
Static task
static1
Behavioral task
behavioral1
Sample
INV TEKNOLAB PRIMA INDONESIA.PDF.exe
Resource
win7-20220414-en
Malware Config
Extracted
pony
http://smkrantimula.sch.id/cb/panelnew/gate.php
Targets
Target
INV TEKNOLAB PRIMA INDONESIA.PDF.exe
Size
1.0MB
MD5
2c0b595f698ff18c0dff18e6b14138b6
SHA1
9223cb9379e70d958254d2f9df253b402c2e9e37
SHA256
746b1025505ebb847d4f7f27ded324b512834d470c63950186aa25912fdd1dfb
SHA512
79d2fb0ddb7536763a2c35d7be953f00b1dd24d9453e4554024235339a0ec38ccb9ee96717f1c3067588b26244d63048242ec12d5fe479905cbca0c521a16ed7
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext