General
- Target: 2a1bf6841df23bce75019f018e98defcaed6b2a3ccd9bcf02ddf789d07bdcb84
- Size: 908KB
- Sample: 221120-e9mrwabc9t
- MD5: 14f9fa25b71804de4dfaf92bcadb43a0
- SHA1: 396f14d8cc047fd197e7bc295f692d6f3367129a
- SHA256: 2a1bf6841df23bce75019f018e98defcaed6b2a3ccd9bcf02ddf789d07bdcb84
- SHA512: 0f19058f736e2f049f4e3aefe5f5b76021a294c90c29aed8988307a6ce70049b9f21cf42e4d02af741c1c351d192da3335d867e1c1ee88a7852ff6bac72f589b
- SSDEEP: 12288:ghkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aLspi8jmZGR6AnSk:oRmJkcoQricOIQxiZY1iaii86m6Xk
Static task: static1
Behavioral task: behavioral1
Sample: 2a1bf6841df23bce75019f018e98defcaed6b2a3ccd9bcf02ddf789d07bdcb84.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://bubzie404.coolpage.biz/gate.php
Targets
- Target: 2a1bf6841df23bce75019f018e98defcaed6b2a3ccd9bcf02ddf789d07bdcb84
- Size: 908KB
- MD5: 14f9fa25b71804de4dfaf92bcadb43a0
- SHA1: 396f14d8cc047fd197e7bc295f692d6f3367129a
- SHA256: 2a1bf6841df23bce75019f018e98defcaed6b2a3ccd9bcf02ddf789d07bdcb84
- SHA512: 0f19058f736e2f049f4e3aefe5f5b76021a294c90c29aed8988307a6ce70049b9f21cf42e4d02af741c1c351d192da3335d867e1c1ee88a7852ff6bac72f589b
- SSDEEP: 12288:ghkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aLspi8jmZGR6AnSk:oRmJkcoQricOIQxiZY1iaii86m6Xk
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext