General
- Target: 96fe74112cdd458553cbda099294bc76408005bc1e8442f875580413c9057649
- Size: 101KB
- Sample: 221003-cnv51sbhb9
- MD5: 7b9448a86723aa3c3b23570ae51db699
- SHA1: cde86b5b31433a3ad647ef1e95766ff785573227
- SHA256: 96fe74112cdd458553cbda099294bc76408005bc1e8442f875580413c9057649
- SHA512: b3b4ba144c714f39cc0fdf02a741b3bf7e3ed79f7c7ae3fbf91c7270183efb241d8559fc75ffd9aa9a1b2e66435fc45f0611173e508893598d08487989609ea9
- SSDEEP: 1536:1WNY3a7DkmbPz32kQeVuL2mSqx3Ho7Nzr/QUuhRhfHdIEF31f:YN0r0z3PQ0qHo7dQnRhfn
Static task: static1
Behavioral task: behavioral1
Sample: 96fe74112cdd458553cbda099294bc76408005bc1e8442f875580413c9057649.exe
Resource: win7-20220812-en
Malware Config
Extracted
pony
payload_url
Targets
- Target: 96fe74112cdd458553cbda099294bc76408005bc1e8442f875580413c9057649
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext