General
Target: b91f8434f2b101183098d13fb1bf15c0ee7690429d7026993da2dbe7ffd54660
Size: 101KB
Sample: 221002-pngnvagddr
MD5: 7002528c7ca3679ec9c636998bfd2220
SHA1: 1dba14ebed4575cf45a13dc4402c55a1d863ebe2
SHA256: b91f8434f2b101183098d13fb1bf15c0ee7690429d7026993da2dbe7ffd54660
SHA512: 1f73311cdda9dfb3cd7777b3af89a5739345582e2b9957aad041650b6ce2f4e27305d68eb13001ccc4b947c29e160f8ff8fc9e3d56d6fa258ae777f379429a6b
SSDEEP: 3072:e5WwE8ZAqVohyz1RReQFuqQw/EwSJIjIOi:e5WhrkheQFbQCEwS

Static task: static1
Behavioral task: behavioral1
Sample: b91f8434f2b101183098d13fb1bf15c0ee7690429d7026993da2dbe7ffd54660.exe
Resource: win7-20220812-en

Malware Config
Extracted: pony
- http://colekary.info:2013/pic/staff.php
- http://pvelrary.info:2013/pic/staff.php
payload_url: http://pvelrary.info:2013/pic/poclbm.exe
Targets
Target: b91f8434f2b101183098d13fb1bf15c0ee7690429d7026993da2dbe7ffd54660
Size: 101KB
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.