General

- Target: 4368229ecac528a7352f2eafaaf193efeb725c6c6d40c75af82c635cb6f1e8ef.exe
- Size: 496KB
- Sample: 220521-yhyjvadac5
- MD5: 11d89ad526b17037587b7f48f84b90f7
- SHA1: 9905ee159e8884f4e33585621d7ddad6afdb2bdd
- SHA256: 4368229ecac528a7352f2eafaaf193efeb725c6c6d40c75af82c635cb6f1e8ef
- SHA512: dbdd87cb5e8abc1579a6039efdda32f10059ada0fcffbf9b40f11211f80749a95ee1fdc5a19a927e3629209e2bc392e6638027e01e0440d48fb62d391ca536c9

- Static task: static1
- Behavioral task: behavioral1
- Sample: 4368229ecac528a7352f2eafaaf193efeb725c6c6d40c75af82c635cb6f1e8ef.exe
- Resource: win7-20220414-en

Malware Config

Extracted
- Family: pony
- C2: https://goodservices.co.vu/netpro/panel/gate.php
- payload_url: https://goodservices.co.vu/shit.exe
Targets

- Target: 4368229ecac528a7352f2eafaaf193efeb725c6c6d40c75af82c635cb6f1e8ef.exe (size and hashes as listed under General)
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 3
- suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext