General
-
Target
13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823
-
Size
106KB
-
Sample
221120-ldhllsff52
-
MD5
247f5ecb6aaab9999b6cffa0a79aa250
-
SHA1
dc26edb42618c949974835e4218d4d2cbffe1cbc
-
SHA256
13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823
-
SHA512
4c6964ebcf9e3167452396b74cbc1880bd6618c84214ab664adde518e6e2d8c6e641f8a28296cb4279e51d4d32dff6217904c1280938abbe91980bc52993444d
-
SSDEEP
1536:/A+ElI0E3CMQKv/zwXXOnXDI5ShNPNd7o2bmrkOxWMPLYBbDnTNAzzu:0i0E3kKzwXXO85GNlRo2b4kmPKXnTUz
Static task
static1
Behavioral task
behavioral1
Sample
13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://dlywptw.info:4915/way/like.php
http://lekgosr.info:4915/way/like.php
Targets
-
-
Target
13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-