General
Target: bb43be925a1ec51a3bdf5d092e708b363ab115cc3154c6dde3d1680b189d1194
Size: 295KB
Sample: 221120-e3pynaba5w
MD5: 3613a871fcf5487c4e5ff61f36428df0
SHA1: f01fa5ad2522379f175e2d1ee85a5720ba9daf63
SHA256: bb43be925a1ec51a3bdf5d092e708b363ab115cc3154c6dde3d1680b189d1194
SHA512: 2b2b30121cb33a3b544553421896095eebb6b0c07a9640ffedc69020b7d2c84feba59aa6bc41639d6b0015645a367e92b0453435a7ca3d9871e722e2e1b58a00
SSDEEP: 3072:JM7Avbd58YOtl6S+JwszGd6NSq1/JAQ1+vuMlyruMHSVlp9jlCgptKgPz2x2AoUv:sqzvz7UmvrRsj95CYPz2xPfAOwbZGA
Static task: static1
Behavioral task: behavioral1
Sample: bb43be925a1ec51a3bdf5d092e708b363ab115cc3154c6dde3d1680b189d1194.exe
Resource: win7-20221111-en
Malware Config (extracted)
Family: pony
URL: http://cyberial-team.xyz/pharell/gate.php
Targets
Target: bb43be925a1ec51a3bdf5d092e708b363ab115cc3154c6dde3d1680b189d1194
Size: 295KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext