General
Target: b83acd65f5277de8e2c7f12076b11a371de878504e256f7e7d7e9c3254c076d9
Size: 1.0MB
Sample: 221123-lwkhxsfg9y
MD5: cf5d21179a8b1c6f244c8e51b9e31f30
SHA1: e5374d61e4fc5210fec0f6ffb1c108ee00d36ed0
SHA256: b83acd65f5277de8e2c7f12076b11a371de878504e256f7e7d7e9c3254c076d9
SHA512: 8cfee36073e818d8c87fae0224f39cc84aedae65d368f9f55274432a42c4e100a179b9e729dcc925253014a273af89e6f511db7bd0c34bac95282e2c856959bb
SSDEEP: 24576:8RmJkcoQricOIQxiZY1iaFfJ4OWF1CdCzyB:pJZoQrbTFZY1iaxJ4OqQ
Static task: static1
Behavioral task: behavioral1
Sample: b83acd65f5277de8e2c7f12076b11a371de878504e256f7e7d7e9c3254c076d9.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://eminem1234.serveftp.com/duos1/gate.php
Targets
Target: b83acd65f5277de8e2c7f12076b11a371de878504e256f7e7d7e9c3254c076d9
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext