General
Target: 58148e37d705aa1d1d0a05e49812df0e5b18e785a66ab799a12fef7e7a3f4ab4
Size: 109KB
Sample: 220724-t174sabaak
MD5: 594297e9a312f641aec5609f83fdd973
SHA1: fe7c042044d9facd36bebea4d3ec873bd0e47c89
SHA256: 58148e37d705aa1d1d0a05e49812df0e5b18e785a66ab799a12fef7e7a3f4ab4
SHA512: 307d95a402d0f3e04749a43e9f8efe6f11926769e939deb7cde49012cd16ab8f6c4e9f3b82994e10cad212b76c3116d37daad6ca56209e445f081355676c3379
Static task: static1
Behavioral task: behavioral1
Sample: 58148e37d705aa1d1d0a05e49812df0e5b18e785a66ab799a12fef7e7a3f4ab4.exe
Resource: win7-20220715-en
Malware Config
Extracted family: pony
C2 (gate URL): http://fairfaxandrobert.com.au/zobs/mypage/gate.php
The gate.php path is the Pony panel's check-in endpoint; treat the host and the full URL as indicators and only contact them from an isolated analysis network.
Targets
Target: 58148e37d705aa1d1d0a05e49812df0e5b18e785a66ab799a12fef7e7a3f4ab4 (same file as in General; size and MD5/SHA1/SHA256/SHA512 identical)
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself: removes its own executable after running.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles (consistent with Pony's credential theft from mail clients)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext (commonly seen in process hollowing / RunPE-style injection)
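The three registry signatures above (country-code lookup, Uninstall-key enumeration, Outlook profile access) are individually noisy but together are a usable hunting pattern. The following is an added example, not part of the Triage report and not sandbox output: it runs that combination over a few constructed registry events in a simplified "pid|image|operation|key" format (the format and the sample lines are assumptions) and flags only processes that show at least two of the behaviours. The registry paths matched are the standard Windows locations for these lookups (Control Panel\International, CurrentVersion\Uninstall, the Windows Messaging Subsystem and Office Outlook profile keys).

```python
"""Flag Pony-style registry activity in simplified registry events (added example)."""
import re
from collections import defaultdict

# Registry locations behind the report's signatures. These are standard Windows
# paths; mapping them to the sandbox's signature names is our assumption.
INDICATORS = {
    "geofence_country_lookup": re.compile(r"\\Control Panel\\International(\\|$)", re.I),
    "installed_software_enum": re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "outlook_profile_access": re.compile(
        r"(\\Windows Messaging Subsystem\\Profiles|\\Office\\[\d.]+\\Outlook\\Profiles)", re.I
    ),
}

# Constructed sample events (pid|image|operation|key); not real sandbox output.
SAMPLE_EVENTS = r"""
1234|C:\Users\victim\sample.exe|QueryValue|HKCU\Control Panel\International\sCountry
1234|C:\Users\victim\sample.exe|EnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234|C:\Users\victim\sample.exe|QueryValue|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
1234|C:\Users\victim\sample.exe|QueryValue|HKCU\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Server
5678|C:\Windows\explorer.exe|EnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
"""


def parse_events(text):
    """Parse 'pid|image|operation|key' lines; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split("|", 3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        pid, image, operation, key = parts
        events.append({"pid": int(pid), "image": image, "operation": operation, "key": key})
    return events


def match_indicators(events):
    """Return {(pid, image): set of indicator names} for every process with a hit."""
    hits = defaultdict(set)
    for ev in events:
        for name, pattern in INDICATORS.items():
            if pattern.search(ev["key"]):
                hits[(ev["pid"], ev["image"])].add(name)
    return dict(hits)


def flag_processes(events, min_hits=2):
    """Processes showing at least min_hits distinct behaviours.

    A lone Uninstall-key enumeration is routine (installers, explorer.exe,
    inventory agents), so the combination is required, not any single indicator.
    """
    return sorted(
        (pid, image, sorted(names))
        for (pid, image), names in match_indicators(events).items()
        if len(names) >= min_hits
    )


if __name__ == "__main__":
    for pid, image, names in flag_processes(parse_events(SAMPLE_EVENTS)):
        print(f"pid {pid} {image}: {', '.join(names)}")
```

The same patterns map directly onto Sysmon Event ID 12/13 TargetObject values if the parser is swapped for an EVTX or JSON reader; the thresholding is what keeps explorer.exe and installers out of the results.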