General
- Target: 17a6bb84ecab191bfcbb83b887982ef045fa9418199e790fd8075702a5955c0e
- Size: 196KB
- Sample: 220608-y1lb8sbec3
- MD5: d1ccfd2bb0778029d064fe33b63834ca
- SHA1: fe0c75d3b92f5c7bd6b259ae37c42802ef432ba7
- SHA256: 17a6bb84ecab191bfcbb83b887982ef045fa9418199e790fd8075702a5955c0e
- SHA512: a0e251cc8a5543366de76a262f67f22cf8b447bb56c89205da8c0dba5b91d870d863782199c7716b059bc402b1060bbb038695fc7907071a74826e0dfdcff41e
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 17a6bb84ecab191bfcbb83b887982ef045fa9418199e790fd8075702a5955c0e.exe
- Resource: win7-20220414-en
Malware Config (extracted)
- Family: pony
- URL: http://pmzmedical.com/css/smoothness/.mode/cache/module.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext