General
-
Target
004bd06f5b00b0a1d80ec9c583bc227d78de9184508b854ae04aa0b4152bbe7e
-
Size
86KB
-
Sample
221003-b3pq4scebl
-
MD5
3d5b26c8dbc5cc76a00eea0418c66c90
-
SHA1
26ccdb3b400526fdf54a26928e68a463ea2bbd18
-
SHA256
004bd06f5b00b0a1d80ec9c583bc227d78de9184508b854ae04aa0b4152bbe7e
-
SHA512
5dedf007fe8c3372fb29c40eb4a0a4ea1ab52e002b18b4b2486bdbdf2f61f3b7ec5d51b8db2927c73f8ba76b968ba58f0cb29e08e818152a949bdb59baaccf84
-
SSDEEP
1536:DQpYYYbLGPyGgwMNkDBPZeYFsZTF35hY+Tosc9hLBai2Fsgxy9Miv3C27:DTynMNVYF0l7TosQAtF5y9MEy2
Static task
static1
Behavioral task
behavioral1
Sample
004bd06f5b00b0a1d80ec9c583bc227d78de9184508b854ae04aa0b4152bbe7e.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://ldyuior.pw:4915/doc/black.php
http://ldyuior.pw:888/doc/black.php
-
payload_url
http://dutkjr4.pw:888/pic/Flash.exe
Targets
-
-
Target
004bd06f5b00b0a1d80ec9c583bc227d78de9184508b854ae04aa0b4152bbe7e
-
Size
86KB
-
MD5
3d5b26c8dbc5cc76a00eea0418c66c90
-
SHA1
26ccdb3b400526fdf54a26928e68a463ea2bbd18
-
SHA256
004bd06f5b00b0a1d80ec9c583bc227d78de9184508b854ae04aa0b4152bbe7e
-
SHA512
5dedf007fe8c3372fb29c40eb4a0a4ea1ab52e002b18b4b2486bdbdf2f61f3b7ec5d51b8db2927c73f8ba76b968ba58f0cb29e08e818152a949bdb59baaccf84
-
SSDEEP
1536:DQpYYYbLGPyGgwMNkDBPZeYFsZTF35hY+Tosc9hLBai2Fsgxy9Miv3C27:DTynMNVYF0l7TosQAtF5y9MEy2
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-