General
Target: 5a928cc58ee7dec8cb3f23820a0f58d4633b927bc5d57c3f203d643e9192d8ba
Size: 448KB
Sample: 221123-vner5scd7v
MD5: 2792e47142bc4e6049ba4bc13dffa575
SHA1: 59698e5842495f6ca6955fc97c69fdb877c1b92c
SHA256: 5a928cc58ee7dec8cb3f23820a0f58d4633b927bc5d57c3f203d643e9192d8ba
SHA512: 950a63f9a0cafa0f2d39ea92440fbfdb3f41dae7dbadbfa76ed596ac76d6389c41c8c4cdf9992f0ff3f7549d3a353167633e0b53c31ce661f95870458721f764
SSDEEP: 6144:j6YMhruydTkLGBpQ+fUPREjohgkmDVH70aRiXTf0QO9VmQ+fUPREjoq:j6YMhrJTGGBfEHO67XT098EI
Static task: static1
Behavioral task: behavioral1
Sample: 5a928cc58ee7dec8cb3f23820a0f58d4633b927bc5d57c3f203d643e9192d8ba.exe
Resource: win7-20221111-en
Malware Config
Extracted: pony
http://72.52.216.121/~ravencl/wordpress/po/gate.php
Targets
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext