General

Target: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170
Size: 88KB
Sample: 221002-lrg71ahgh9
MD5: 65cac1988793cbffda3ad67b065cade0
SHA1: b5711cad13bd7d22444a74e78ff5d05d363d2d97
SHA256: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170
SHA512: 7172495113c311a55cae793de701baa345d627705db9a797fbb576b05cbb519d368413d65a8220aea6fc536a7f3315c48b39b746e707f97d69339f812d9f3797
SSDEEP: 1536:29aTff+Vt58Nir18lhGm8BuMyZTPjvcVuL1AzrSMVx55ZS+G8USRlE4O3zzmOEC1:2gf+8iZCGWMejLcVmYrSexTjr1RK3nmy
Static task: static1
Behavioral task: behavioral1
  Sample: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted: pony
C2: http://podaro-vk.esy.es/gate.php
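The indicators above (file hashes and the extracted Pony gate URL) are only useful once they are swept against your own telemetry. The following is an added example, not part of the sandbox report: it copies the report's hashes and gate URL into constants and checks them against a constructed web-proxy log and a constructed file-hash inventory. The proxy log layout (timestamp, client, method, URL, status) is an assumption for illustration, not a real product format; the host normalisation makes a mixed-case host with an explicit `:80` still match.

```python
"""IOC sweep for the Pony sample in this report (added example, not the report's code)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report.
PONY_HASHES = {
    "md5": "65cac1988793cbffda3ad67b065cade0",
    "sha1": "b5711cad13bd7d22444a74e78ff5d05d363d2d97",
    "sha256": "2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170",
}
PONY_GATE = "http://podaro-vk.esy.es/gate.php"

# Constructed proxy log (assumed layout: timestamp client method url status). Not real data.
PROXY_LOG = """\
2022-10-02T10:14:03Z 10.0.0.15 GET http://www.example.com/index.html 200
2022-10-02T10:14:09Z 10.0.0.23 POST http://podaro-vk.esy.es/gate.php 200
2022-10-02T10:14:10Z 10.0.0.23 POST http://PODARO-VK.esy.es:80/gate.php 200
2022-10-02T10:15:44Z 10.0.0.42 GET http://podaro-vk.esy.es/robots.txt 404
2022-10-02T10:16:01Z 10.0.0.23 GET http://cdn.example.net/lib.js 200
"""

# Constructed hash inventory (path -> sha256); one entry reuses the report's hash.
HASH_INVENTORY = {
    r"C:\Users\a\Downloads\invoice.exe": PONY_HASHES["sha256"],
    r"C:\Windows\System32\notepad.exe": hashlib.sha256(b"not the sample").hexdigest(),
}


def normalise_host(url):
    """Return (lower-cased host without port, path) so 'HOST:80' matches 'host'."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path


GATE_HOST, GATE_PATH = normalise_host(PONY_GATE)


def match_proxy_log(log_text):
    """Return (exact, host_only): requests to the gate URL, and to the same host on other paths.

    Malformed lines are skipped instead of aborting the sweep.
    """
    exact, host_only = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, client, method, url, _status = fields
        host, path = normalise_host(url)
        if host != GATE_HOST:
            continue
        (exact if path == GATE_PATH else host_only).append((client, method, url))
    return exact, host_only


def match_hashes(inventory):
    """Return paths whose sha256 equals the report's sample hash (case-insensitive)."""
    wanted = PONY_HASHES["sha256"].lower()
    return [path for path, digest in inventory.items() if digest.lower() == wanted]


def hash_file_bytes(data):
    """Compute the three hashes the report lists, for comparison against PONY_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    exact, host_only = match_proxy_log(PROXY_LOG)
    for hit in exact:
        print("gate check-in:", *hit)
    for hit in host_only:
        print("same host, other path:", *hit)
    for path in match_hashes(HASH_INVENTORY):
        print("hash match:", path)
```

The host-only bucket is kept separate on purpose: a hit on `/gate.php` is a Pony check-in, while other paths on the same host are worth a look but are not the same signal.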
Targets

Target: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170
Size: 88KB
MD5: 65cac1988793cbffda3ad67b065cade0
SHA1: b5711cad13bd7d22444a74e78ff5d05d363d2d97
SHA256: 2587f394c485ab31f8f04fd627da20884019980055de1a949147a6af28b13170
SHA512: 7172495113c311a55cae793de701baa345d627705db9a797fbb576b05cbb519d368413d65a8220aea6fc536a7f3315c48b39b746e707f97d69339f812d9f3797
SSDEEP: 1536:29aTff+Vt58Nir18lhGm8BuMyZTPjvcVuL1AzrSMVx55ZS+G8USRlE4O3zzmOEC1:2gf+8iZCGWMejLcVmYrSexTjr1RK3nmy
Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
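The signatures above describe behaviour the sandbox observed; on an endpoint the same behaviour shows up as registry, process and API events. The following is an added example, not part of the sandbox report or of any sandbox's detection code: it expresses each signature as a predicate over a simplified event record and requires several to fire on one process before flagging it. The telemetry is constructed; the field names (`event`, `image`, `key`, `api`) stand in for Sysmon/EDR fields, and the registry paths assumed for the geofence check (`...\Geo\Nation`), the Outlook profile store (`...\Windows Messaging Subsystem\Profiles`) and the VBS compiler image (`vbc.exe`) are assumptions about what each signature looks for, not values taken from the report.

```python
"""Behavioural-signature matcher for the Pony report (added example, not the sandbox's code)."""

# Constructed telemetry for one process tree. Not real Sysmon/EDR output.
EVENTS = [
    {"pid": 4112, "event": "process_create",
     "image": r"C:\Users\a\Downloads\invoice.exe", "parent": r"C:\Windows\explorer.exe"},
    # Assumed key behind "Checks computer location settings".
    {"pid": 4112, "event": "registry_query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    # Assumed Outlook profile store behind the two Outlook signatures.
    {"pid": 4112, "event": "registry_query",
     "key": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem"
            r"\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 4112, "event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\a\AppData\Roaming\upd.exe"},
    # Assumed image behind "Uses the VBS compiler for execution".
    {"pid": 4112, "event": "process_create",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\a\Downloads\invoice.exe"},
    {"pid": 4112, "event": "api_call", "api": "SetThreadContext", "target_pid": 4120},
    # Benign noise: Outlook reading its own settings should not match.
    {"pid": 900, "event": "registry_query", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook"},
]


def _key(e):
    return e.get("key", "").lower()


def _image_name(e):
    return e.get("image", "").rsplit("\\", 1)[-1].lower()


# Signature name (as in the report) -> predicate over one event.
SIGNATURES = {
    "Checks computer location settings":
        lambda e: e["event"] == "registry_query" and _key(e).endswith("\\geo\\nation"),
    "Accesses Microsoft Outlook profiles":
        lambda e: e["event"] == "registry_query"
        and "windows messaging subsystem\\profiles" in _key(e),
    "Adds Run key to start application":
        lambda e: e["event"] == "registry_set" and "\\currentversion\\run\\" in _key(e),
    "Uses the VBS compiler for execution":
        lambda e: e["event"] == "process_create" and _image_name(e) == "vbc.exe",
    "Suspicious use of SetThreadContext":
        lambda e: e["event"] == "api_call" and e.get("api") == "SetThreadContext",
}


def evaluate(events):
    """Return {pid: sorted list of distinct signature names that fired for that pid}."""
    hits = {}
    for e in events:
        for name, pred in SIGNATURES.items():
            if pred(e):
                hits.setdefault(e["pid"], set()).add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


def suspicious_pids(events, threshold=3):
    """Pids with at least `threshold` distinct signatures.

    Any single behaviour here (a Run key, one SetThreadContext call) is common
    in legitimate software; requiring several on one process cuts false positives.
    """
    return sorted(pid for pid, names in evaluate(events).items() if len(names) >= threshold)


if __name__ == "__main__":
    for pid, names in evaluate(EVENTS).items():
        print(pid, names)
    print("suspicious:", suspicious_pids(EVENTS))
```

The threshold is the knob to tune per environment; the predicates themselves are deliberately narrow (exact image name, exact key suffix) so that a broader rule set can be layered on without rewriting them.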