General
Target: e324d73b36f1fd31c53f6ae21457c2fd57f90be56dcd776efbe06b01fdaf3d5d
Size: 114KB
Sample: 221123-lvv82acd29
MD5: d1c356cee3bca5290995439d88275578
SHA1: 3efc30767363745bbebcd35f76e538efdd093ce3
SHA256: e324d73b36f1fd31c53f6ae21457c2fd57f90be56dcd776efbe06b01fdaf3d5d
SHA512: 8b6e79a6496977bf8116ace8e8dd9ee18182cae2ef63168b0513f8a97f1df89925497a034453126e1d92a9426aafad5f91d5ec81cfee10976690263964d360e6
SSDEEP: 3072:LxhUq9GcH6pxNmPWeJ4zd4oteiCLFKzZ4dRayYu:lqq9Gb8W7h7texFKzZ4ray
Static task: static1
Behavioral task: behavioral1
Sample: e324d73b36f1fd31c53f6ae21457c2fd57f90be56dcd776efbe06b01fdaf3d5d.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: pony
- http://golklopro.com/bitrix/modules.php
- http://cosjesgame.su/bitrix/modules.php
- http://musicacademymadras.in/333
- http://ethostraining.es/333.cab
- http://acfnet.com.br/333.jpg
payload_url: http://vistabuys.com/333.exe
Targets
Target: e324d73b36f1fd31c53f6ae21457c2fd57f90be56dcd776efbe06b01fdaf3d5d
Size: 114KB
MD5: d1c356cee3bca5290995439d88275578
SHA1: 3efc30767363745bbebcd35f76e538efdd093ce3
SHA256: e324d73b36f1fd31c53f6ae21457c2fd57f90be56dcd776efbe06b01fdaf3d5d
SHA512: 8b6e79a6496977bf8116ace8e8dd9ee18182cae2ef63168b0513f8a97f1df89925497a034453126e1d92a9426aafad5f91d5ec81cfee10976690263964d360e6
SSDEEP: 3072:LxhUq9GcH6pxNmPWeJ4zd4oteiCLFKzZ4dRayYu:lqq9Gb8W7h7texFKzZ4ray
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.