General
Target: d1b6ec516cba53160c8735dfbae27ca622cdb6ad2ba8678f17854c61a60293b8
Size: 34KB
Sample: 221125-z4zvgaaf2w
MD5: ffc70759554a98c81e0b1baad017e9cc
SHA1: d58235f028390ef0343ef712fe1c2685c62af3cd
SHA256: d1b6ec516cba53160c8735dfbae27ca622cdb6ad2ba8678f17854c61a60293b8
SHA512: 25a8991b528879e936108b6fec7471c07e7473302174b833a15926e0c611ddca534b040d4eabe26fff06e8082c998d640bcbe9339b829055a09a704bad99b96f
SSDEEP: 768:dGYFlx1DpvhTxgXIrx0kIoaaIPO4KlmdYKXrNUuVW6ySYGR:d1lx19ZTxgkakHmPrimPUxxGR
Behavioral task
behavioral1
Sample: d1b6ec516cba53160c8735dfbae27ca622cdb6ad2ba8678f17854c61a60293b8.exe
Resource: win7-20220812-en
Malware Config
Extracted
pony
http://loggonvelvego.com/shell/Panel/gate.php
payload_url: http://loggonvelvego.com/shell/Panel/mark.exe
Targets
Target: d1b6ec516cba53160c8735dfbae27ca622cdb6ad2ba8678f17854c61a60293b8 (size and hashes identical to those listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.