General
Target: 1358ae104519c839bd0061450f88c14cf807dfbea7e5125b92c476119eb05b13.exe
Size: 494KB
Sample: 220521-yhyvlsgbhq
MD5: 4e8e6e2c2a35ba5ac2b93903584b473f
SHA1: 71ff3a7b9b9648cc5fe69d4f2f6c2f4ea10f6dd1
SHA256: 1358ae104519c839bd0061450f88c14cf807dfbea7e5125b92c476119eb05b13
SHA512: 083ff8cf714f6cfb17c43c614c794ebf7fa8ad312cc740817ca566a4c20a8d9731577ed5f7372f644e0a9b51c3e9bac5461460005c5aa1d7d6ddca4fb74770ba
Static task: static1
Behavioral task: behavioral1
Sample: 1358ae104519c839bd0061450f88c14cf807dfbea7e5125b92c476119eb05b13.exe
Resource: win7-20220414-en
Malware Config
Extracted: pony
https://goodservices.co.vu/https://goodservices.co.vu/hcox/panel/gate.php
payload_url: https://goodservices.co.vu/shit.exe
Targets
Target: 1358ae104519c839bd0061450f88c14cf807dfbea7e5125b92c476119eb05b13.exe
- suricata: ET MALWARE Fareit/Pony Downloader Checkin 3
- suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext