General
Target: c5172b06333be1e00961479368dcb2f9f17c35ffcee2da0b96d1e2b0b904ec29
Size: 148KB
Sample: 221120-jfss9ach39
MD5: 35e17714c9f8eee66e0be2b71845f673
SHA1: 2803f21ced4dbf63386735da8d1f54c62bd32901
SHA256: c5172b06333be1e00961479368dcb2f9f17c35ffcee2da0b96d1e2b0b904ec29
SHA512: 2133bc1addcb29e27ebdba9673ee66fce34206316fdfa6d86e96e67fabd6c38e31cd80d3de772a66c1524797bcad11d1f2bb618fc9bbfa88a8b82e8553895492
SSDEEP: 3072:CCKOporQNnHd4hCAxnXsZc0Ptiy0dOSmn4Sk4z:CCKworQNVLzN0I/
Static task: static1
Behavioral task: behavioral1
Sample: c5172b06333be1e00961479368dcb2f9f17c35ffcee2da0b96d1e2b0b904ec29.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: pony
  http://00.massivecloudstore.com/forum/viewtopic.php
  http://o.anygutterking.com/forum/viewtopic.php
payload_url:
  http://www.credidyaoriente.com.co/pbe.exe
  http://3073.a.hostable.me/Z2U.exe
Targets
Target: c5172b06333be1e00961479368dcb2f9f17c35ffcee2da0b96d1e2b0b904ec29
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext