General

Target: 3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5
Size: 604KB
Sample: 220703-d5m2eadgem
MD5: 20123a9aba46ad4abbc4031b7d40e487
SHA1: eed988924cd6599188502f9f6f92600d98797660
SHA256: 3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5
SHA512: c8c717f8b73d530b316d63aa1ec4bb5a563fa4af9fb27d85e900d674c5c09c26a10e08ba58947cedef6384b3c5f6e419873c4ef151f102b612a881d7bdbb6dac
Static task: static1
Behavioral task: behavioral1
  Sample: 3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted family: pony
C2 (gate): http://meks.myyearofgrace.ga/gate.php
payload_url: http://meks.myyearofgrace.ga/shit.exe

The gate.php endpoint is the Pony panel check-in where harvested credentials are posted; payload_url is the secondary executable Pony downloads and runs after collection. Both URLs share one host, so the host is the broader indicator to block or hunt on.
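As an added example (not part of the sandbox report), the following script turns the hashes and extracted Pony config above into indicators and runs them over a constructed proxy log and over file contents. The log format ("timestamp client method url status") and the log lines are constructed for the example; only the hashes and URLs come from the report.

```python
"""Added example: turn the hashes and extracted Pony config from this report
into indicators and match them against constructed proxy-log lines and file
contents. The log format and the log lines are constructed for the example."""
import hashlib
from urllib.parse import urlsplit

# Values taken from the report.
SAMPLE_HASHES = {
    "md5": "20123a9aba46ad4abbc4031b7d40e487",
    "sha1": "eed988924cd6599188502f9f6f92600d98797660",
    "sha256": "3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5",
}
PONY_CONFIG = {
    "c2": "http://meks.myyearofgrace.ga/gate.php",
    "payload_url": "http://meks.myyearofgrace.ga/shit.exe",
}


def indicators_from_config(cfg):
    """Derive full-URL and host indicators from the extracted config.

    Hosts are kept separately because a Pony panel usually serves more than
    the two paths the config names, so a host match is the wider net."""
    urls = {u.rstrip("/") for u in cfg.values()}
    hosts = {urlsplit(u).hostname.lower() for u in urls}
    return {"urls": urls, "hosts": hosts}


def scan_proxy_log(lines, ind):
    """Match constructed 'ts client method url status' lines against indicators.

    Returns (line_no, match_type, url) tuples; a full-URL match is reported
    in preference to a host-only match."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it rather than abort the scan
        url = parts[3]
        host = (urlsplit(url).hostname or "").lower()
        if url.rstrip("/") in ind["urls"]:
            hits.append((n, "url", url))
        elif host in ind["hosts"]:
            hits.append((n, "host", url))
    return hits


def digests(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def is_known_sample(data, known=SAMPLE_HASHES):
    """True only if every listed digest of data matches the report's hashes."""
    d = digests(data)
    return all(d[alg] == known[alg] for alg in known)


# Constructed proxy log: a check-in to the gate, the payload download,
# a request to another path on the same host, and unrelated traffic.
PROXY_LOG = [
    "1656849600 10.0.0.15 POST http://meks.myyearofgrace.ga/gate.php 200",
    "1656849602 10.0.0.15 GET http://meks.myyearofgrace.ga/shit.exe 200",
    "1656849610 10.0.0.15 GET http://meks.myyearofgrace.ga/panel/ 404",
    "1656849611 10.0.0.22 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    ind = indicators_from_config(PONY_CONFIG)
    for hit in scan_proxy_log(PROXY_LOG, ind):
        print(hit)
    print(is_known_sample(b"not the sample"))
```

The host-level match on the third log line is the one that matters in practice: operators rotate payload names and the sample hash changes with every repack, while the panel host tends to outlive both.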
Targets

Target: 3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5
Size: 604KB
MD5, SHA1, SHA256, SHA512: as listed under General above (same file).

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles (Outlook account and profile data are among the credential stores Pony harvests)
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext (commonly paired with WriteProcessMemory and ResumeThread in process hollowing)
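As an added example (not the sandbox's own signature logic), the script below replays a constructed stream of registry and API events, in the order a run of this sample might produce them, and maps each event to the behaviours listed above. The event shape, the registry locations each behaviour is keyed on, the pids, the Run value name "Updater", the image path and the SetThreadContext/self-delete heuristics are all assumptions made for the example.

```python
"""Added example: replay constructed sandbox-style events against the
behaviours listed for this sample. The event shape, the registry paths each
behaviour is keyed on, and the SetThreadContext/self-delete heuristics are
assumptions made for this example, not the sandbox's own signature logic."""
import re

HIVES = {
    "hkey_current_user": "hkcu",
    "hkey_local_machine": "hklm",
    "hkey_users": "hku",
    "hkey_classes_root": "hkcr",
}

# (behaviour name as the report lists it, registry ops that count, path regex)
# The registry locations are assumptions about where each behaviour shows up.
REG_RULES = [
    ("Checks computer location settings", {"open", "query", "enum"},
     r"^hkcu\\control panel\\international\\geo(\\|$)"),
    ("Accesses Microsoft Outlook accounts/profiles", {"open", "query", "enum"},
     r"^hkcu\\software\\microsoft\\(office\\\d+\.\d+\\outlook\\profiles"
     r"|windows nt\\currentversion\\windows messaging subsystem\\profiles)(\\|$)"),
    # Only writes count here: reading Run is ordinary enumeration, writing it is persistence.
    ("Adds Run key to start application", {"set", "create"},
     r"^hk(lm|cu)\\software\\microsoft\\windows\\currentversion\\run(\\|$)"),
    ("Checks installed software on the system", {"open", "query", "enum"},
     r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)"),
]
REG_RULES = [(name, ops, re.compile(rx)) for name, ops, rx in REG_RULES]


def normalize_key(path):
    """Lower-case a registry path and shorten its hive (HKEY_CURRENT_USER -> hkcu)."""
    p = path.strip().replace("/", "\\").lower()
    hive, sep, rest = p.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def classify(events, images):
    """Return the ordered, de-duplicated behaviours the events exhibit.

    images maps pid -> image path of the process that produced the events."""
    found = []

    def hit(name):
        if name not in found:
            found.append(name)

    for ev in events:
        if ev["kind"] == "reg":
            key = normalize_key(ev["path"])
            for name, ops, rx in REG_RULES:
                if ev["op"] in ops and rx.search(key):
                    hit(name)
        elif ev["kind"] == "api":
            # Heuristic: rewriting another process's thread context is the step
            # that follows WriteProcessMemory in process hollowing.
            if ev["name"] == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
                hit("Suspicious use of SetThreadContext")
            # Heuristic: a delete aimed at the caller's own image. Real samples
            # usually route this through cmd.exe or a batch file because a
            # running image cannot be unlinked directly; the event is simplified.
            if ev["name"] in ("DeleteFileW", "DeleteFileA"):
                own = images.get(ev["pid"], "")
                if own and ev.get("path", "").lower() == own.lower():
                    hit("Deletes itself")
    return found


# Constructed data: assumed on-disk path of the sample and a pid -> image map.
SELF_IMAGE = (r"C:\Users\user\Desktop"
              r"\3d4ad725e7f347ac36796ab0ef5308de5c10e7deada5a2cf574afc5b9c10e5e5.exe")
IMAGES = {1234: SELF_IMAGE}

# Constructed event stream in the order such a run might emit them.
EVENTS = [
    {"kind": "reg", "op": "query", "pid": 1234,
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"kind": "reg", "op": "enum", "pid": 1234,
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"kind": "reg", "op": "query", "pid": 1234,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion"
             r"\Windows Messaging Subsystem\Profiles\Outlook"
             r"\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"kind": "reg", "op": "query", "pid": 1234,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "reg", "op": "set", "pid": 1234,
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"kind": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 2345},
    {"kind": "api", "name": "DeleteFileW", "pid": 1234, "path": SELF_IMAGE},
]

if __name__ == "__main__":
    for behaviour in classify(EVENTS, IMAGES):
        print(behaviour)
```

Telemetry that records reads (a sandbox API trace, or ETW registry events) is needed for the location, Uninstall and Outlook lookups; Sysmon only logs registry writes, so of the behaviours above it can evidence the Run key write but not the credential-store reads.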