General
-
Target
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
Size
97KB
-
Sample
221002-ppqcdagebj
-
MD5
6dc5205c6a0ea14696361bdb4c7d0930
-
SHA1
211235345685a17dbf052775c06ba8ab6732823e
-
SHA256
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
SHA512
643ceb1d84d5c4d0b9f92a7539b5fed6f739a7b47a16d01277ff544a8ea55ab9c9ffc0484a6beb04253bd27ea04f522fd662cfcc982a015a606348e0377b24e9
-
SSDEEP
1536:tgLSZJP3QDk6pa2MHUOvleaUmVnN4Pvwjdjuio31D3fQQQfI:tgLSLPZ680OvlesrmIjdjXolD3YZfI
Static task
static1
Behavioral task
behavioral1
Sample
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://ksleak.info:4915/pic/staff.php
http://ktagty.info:4915/pic/staff.php
Targets
-
-
Target
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-