General
- Target: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690.exe
- Size: 324KB
- Sample: 220521-yhy6dadad6
- MD5: 08042d58bdf1d88cabd4466441359ab6
- SHA1: ddedbdc510770f9b6ecf60fabdc924ae26ce679d
- SHA256: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690
- SHA512: 65a287b3d2fe29cb226f397b93a1117a5185a0f4cfcd1360ff89e06adbaa516f1ad7a22eb62e9808bd4dc1603583cc5bddbbb3878224838cd407dfe9f20b1d7b
Static task: static1
Behavioral task: behavioral1
- Sample: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690.exe
- Resource: win10v2004-20220414-en
Malware Config
- Extracted: pony
  http://srae.co.in/js./gretings/gate.php
Targets
- Target: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690.exe
- Size: 324KB
- MD5: 08042d58bdf1d88cabd4466441359ab6
- SHA1: ddedbdc510770f9b6ecf60fabdc924ae26ce679d
- SHA256: ac2362bfb043929f138f0ed947f81fa8444fd87b2301ecaa9a837e86f6eca690
- SHA512: 65a287b3d2fe29cb226f397b93a1117a5185a0f4cfcd1360ff89e06adbaa516f1ad7a22eb62e9808bd4dc1603583cc5bddbbb3878224838cd407dfe9f20b1d7b
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 3
- suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext