General
Target: ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795
Size: 91KB
Sample: 221119-gpsthacb2v
MD5: 14fabac08e26bd72ca56c97be179cde0
SHA1: 2ba166a31140c8a34ef941e38094cded8024abb1
SHA256: ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795
SHA512: b74543cdc27d3470d27f4dfa5b513fac3fba2d9c49cea114f68602564360839c0bee3329bdc9008da3c292d677787998b85157fb045d0c25072c4c68e4e4838c
SSDEEP: 1536:uMlYx8d722f/BH7ECuQkKRfkkhFNnUBot/TCZn5p76zmKlYCn7KOpaYdfo7uPIbQ:uEAs2Y7EskKBkcXnCg7M5p7SmTcKIFoK
Static task: static1
Behavioral task: behavioral1
Sample: ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
- http://gooderix.info:9135/pic/fly.php
- http://vooderax.info:9135/pic/fly.php
Targets
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.