General

Target: accc8baa3c71a966f8b597ab43b7968ca8ed85976d963fe6f4cb9bff4e583bad
Size: 98KB
Sample: 221003-a6ws6abagn
MD5: 6e45317a01df8ec402c4f7d7567d0882
SHA1: 2a0128427684e525847c9a34722811382cddbb21
SHA256: accc8baa3c71a966f8b597ab43b7968ca8ed85976d963fe6f4cb9bff4e583bad
SHA512: 8e3eaa4b3645263a8610dec8e410f20cdcb01401f7b421976329237c117e6c9154bd85ac2cb8a2f02b4c6e8ac547215aa999c275617e190b410c289964aae821
SSDEEP: 1536:U8DteyFl41q1dlor984L5028c/GYJ+n6pQjqMgliW92d9veKxjUWoy3JBX7:xDUyF5lor984Lv/XmdgoWsvX13L
Static task: static1
Behavioral task: behavioral1
Sample: accc8baa3c71a966f8b597ab43b7968ca8ed85976d963fe6f4cb9bff4e583bad.exe
Resource: win7-20220812-en

Malware Config

Extracted family: pony
C2:
http://laketys.pw:719/way/open.php
http://voleddak.pw:719/way/open.php
http://vopedala.pw:719/way/upd
Targets

Target: accc8baa3c71a966f8b597ab43b7968ca8ed85976d963fe6f4cb9bff4e583bad
Size, MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above.
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext (a call pattern typical of code injection such as process hollowing)
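Added example, not part of the sandbox report or of any tool it describes: a Python script that turns the extracted Pony C2 list above and the registry-based signatures (location check, Outlook profiles, installed-software enumeration) into checks that run over log lines. The three C2 URLs are the ones extracted from the config; the proxy and registry log formats, the sample lines, the specific registry paths assumed to sit behind each signature (the Geo\Nation value, the Outlook profile keys, the Uninstall key), the "same port and gate path on a new host" rule and the two-category correlation threshold are all assumptions made for illustration.

```python
"""Checks derived from this report's extracted Pony config and signatures.

Added example, not part of the sandbox report. The three C2 URLs are the
ones extracted in the report; everything else (log formats, sample lines,
registry paths, correlation threshold) is an assumption for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# C2 URLs as extracted from the sample's Pony config (from the report).
PONY_C2 = [
    "http://laketys.pw:719/way/open.php",
    "http://voleddak.pw:719/way/open.php",
    "http://vopedala.pw:719/way/upd",
]

# Assumed registry locations behind three of the report's signatures
# (well-known keys; the report names the behaviour, not the key).
REGISTRY_SIGNATURES = {
    "location_check": [r"\\Control Panel\\International\\Geo\\Nation"],
    "outlook_profiles": [
        r"\\Windows Messaging Subsystem\\Profiles\\",
        r"\\Office\\\d+\.\d+\\Outlook\\Profiles\\",
    ],
    "installed_software": [r"\\CurrentVersion\\Uninstall\\"],
}


def c2_indicators(urls=PONY_C2):
    """Split each C2 URL into host, port and path so each can be matched alone."""
    parts = [urlsplit(u) for u in urls]
    return [{"host": p.hostname, "port": p.port, "path": p.path} for p in parts]


def match_proxy_log(lines, urls=PONY_C2):
    """Scan proxy log lines (assumed format: 'ts client METHOD url status').

    Flags a line when the destination host is a known C2, or when port and
    path match a known C2 on a host not in the list (assumption: operators
    rotate domains but keep the panel's port and gate path). The same path
    on the default port is not flagged. Returns (line_no, kind, host).
    """
    iocs = c2_indicators(urls)
    hosts = {i["host"] for i in iocs}
    port_paths = {(i["port"], i["path"]) for i in iocs}
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash
        u = urlsplit(fields[3])
        if u.hostname in hosts:
            hits.append((n, "known_host", u.hostname))
        elif (u.port, u.path) in port_paths:
            hits.append((n, "port_path", u.hostname))
    return hits


def correlate_registry_events(lines, threshold=2):
    """Scan registry-access events (assumed format: 'ts image|key').

    Records which signature categories each image triggers and returns the
    images hitting at least `threshold` categories: any single lookup is
    common in benign software; the combination is what the report shows.
    """
    seen = defaultdict(set)
    for line in lines:
        try:
            _ts, rest = line.split(" ", 1)
            image, key = rest.split("|", 1)
        except ValueError:
            continue  # malformed line
        for category, patterns in REGISTRY_SIGNATURES.items():
            if any(re.search(p, key, re.IGNORECASE) for p in patterns):
                seen[image].add(category)
    return {img: cats for img, cats in seen.items() if len(cats) >= threshold}


# Constructed sample log lines (not from the report).
PROXY_LOG = [
    "2022-10-03T08:11:02Z 10.0.0.23 GET http://www.example.com/ 200",
    "2022-10-03T08:11:09Z 10.0.0.23 POST http://laketys.pw:719/way/open.php 200",
    "2022-10-03T08:11:15Z 10.0.0.23 POST http://other-host.example:719/way/open.php 200",
    "2022-10-03T08:11:20Z 10.0.0.23 GET http://www.example.com/way/open.php 404",
]
REGISTRY_LOG = [
    r"2022-10-03T08:10:50Z C:\Users\bob\Desktop\sample.exe|HKCU\Control Panel\International\Geo\Nation",
    r"2022-10-03T08:10:51Z C:\Users\bob\Desktop\sample.exe|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook",
    r"2022-10-03T08:10:52Z C:\Users\bob\Desktop\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp",
    r"2022-10-03T08:10:53Z C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp",
]

if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print("proxy hit:", hit)
    for image, cats in correlate_registry_events(REGISTRY_LOG).items():
        print("registry correlation:", image, sorted(cats))
```

The proxy check deliberately treats the port as part of the indicator: the gate path alone (`/way/open.php`) on port 80 is too generic to alert on, while the same path on port 719 is specific enough to catch a rotated domain. The registry check only fires when one image combines lookups, because each of these keys is also read by legitimate installers and mail clients.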