General
Target: 2b9dd20d3b0e08dac1eba2cf26a421ac1061fabf9ce39b5c336584a5ac795a3a
Size: 421KB
Sample: 221120-k5sp8aaf31
MD5: 12740bc816d27f6b01b84c2ae75fdfd6
SHA1: 5d03300b84dbfe552f0f43e7de4dd7a6cc53a522
SHA256: 2b9dd20d3b0e08dac1eba2cf26a421ac1061fabf9ce39b5c336584a5ac795a3a
SHA512: 165afadf623b6f8ad6a43ddb4b4b96732b7f14176264a9b9af4cf70814da174ccb124e5e5cef537bf415e179fc08d409e2b6dc435ecfd0445e5c9443a6edccd0
SSDEEP: 6144:pZubh71nUmX25+OYCUkRBIxAHAfLdf5N+QxfkBN+JmV1d3XgneZYb4LfFu4B5n8M:/Eh9UmGDY4SRhESmV1dZYb0fzy63
Static task: static1
Behavioral task: behavioral1
Sample: 2b9dd20d3b0e08dac1eba2cf26a421ac1061fabf9ce39b5c336584a5ac795a3a.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://kglso.ru/
http://dkaul.su/
payload_url:
http://ffuex.su/f/sc.exe
http://ffuex.su/f/pkc.exe
http://ffuex.su/f/skc.exe
Targets
Target: 2b9dd20d3b0e08dac1eba2cf26a421ac1061fabf9ce39b5c336584a5ac795a3a
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext