General
- Target: b1b47bacdedd998df15a833a211d25f8f4ad96d5d8efeaae788bb206d83a3e2c
- Size: 97KB
- Sample: 221108-1xmf8scdhl
- MD5: 0b980adf5a321349bf13d4db644f3c60
- SHA1: f54b257bc832077939274ec4bc1ec34fca9fd7f3
- SHA256: b1b47bacdedd998df15a833a211d25f8f4ad96d5d8efeaae788bb206d83a3e2c
- SHA512: 06220364a7b3e1b166b27eb27dc2820a08c96a6e1a08a0321fb8564875e68bab8f777e9e4d76f3874948223c979e6c60ee177effac304477212ef8289ce2d449
- SSDEEP: 3072:ux5/RvHzB2u6qbK61YP24RVD6BYZhU/Ss14:upf5OP24LD5vUKO4
Static task: static1
Behavioral task: behavioral1
- Sample: b1b47bacdedd998df15a833a211d25f8f4ad96d5d8efeaae788bb206d83a3e2c.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Family: pony
- C2:
  http://nbfxcngf.info:4915/doc/black.php
  http://mjftdsjg.info:888/doc/black.php
- payload_url: http://gfdkhgvd.info:888/pic/Flash.exe
Targets
- Target: b1b47bacdedd998df15a833a211d25f8f4ad96d5d8efeaae788bb206d83a3e2c
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.