General
-
Target
c48a56c109ff3654a12213aa1d56aa9f833f23ccedb720dc4eee341988418d49
-
Size
69KB
-
Sample
221123-lwl2racd77
-
MD5
0690e94679a1137fc276f9a277bdaa58
-
SHA1
04f69e58fbb7a5a08ad0e39452d92af6ef5bdf45
-
SHA256
c48a56c109ff3654a12213aa1d56aa9f833f23ccedb720dc4eee341988418d49
-
SHA512
61dacabf85bc5b09d74a58e13eb0b8957f8a111c706d46b966ea996a26f6eb9f97df65f9d344ee58c54d4e4d5f83b749397db3eedd00e12d5bc9b722ae74f002
-
SSDEEP
768:rA6VTuFC1iVEj7cO0AgZuTQ+nyISnZdW1sl8XImC0EW751Kdwt:rA6QFimw0cTQ6p4Z81sMvC0h51KdU
Static task
static1
Behavioral task
behavioral1
Sample
c48a56c109ff3654a12213aa1d56aa9f833f23ccedb720dc4eee341988418d49.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://188.165.204.223:8080/pony/gate.php
Targets
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-