General
Target: 6eda4ea2aa80583fee205dd4fbe964b44799c018ded9013770dddae5f6793482
Size: 91KB
Sample: 221120-e3vtxafg28
MD5: 2e9c5e9d5c339eed7c7b3dcd29355f10
SHA1: e6ca4658d49e22d783b3c03b1d17b636eea8f1d8
SHA256: 6eda4ea2aa80583fee205dd4fbe964b44799c018ded9013770dddae5f6793482
SHA512: 49166ca40d0f60ae642725d3c73551c5231c785c4fda0e4fb177333c4222728eb2741b127b4d5dad4a3f2955e3e03d2bf9580eee0263230f156e0995c4bab318
SSDEEP: 1536:D/2wfYp5g1ich3s4c7S7XnHUcd19kTZ6rWYZm5fKylYeeeeeeMeeeeeeH/C:D/0g1iijcQkc39k96rRZUnf
Static task: static1
Behavioral task: behavioral1
Sample: 6eda4ea2aa80583fee205dd4fbe964b44799c018ded9013770dddae5f6793482.exe
Resource: win7-20221111-en
Malware Config
Extracted
pony
http://leksto.info:1757/pic/fly.php
http://yoples.info:1757/pic/fly.php
Targets
Target: 6eda4ea2aa80583fee205dd4fbe964b44799c018ded9013770dddae5f6793482
Drops file in Drivers directory

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.