General
Target: 1b067dce87e8a6c09070fa9f052c28ea3d69fcdcc57c2e569c37d4561b49fcb9
Size: 2.5MB
Sample: 221125-z5ewpaaf4y
MD5: 74ee1a417fc9560f8726cf6b48457eef
SHA1: 3310c1b7f88ab580772c026c60e08dab1f956580
SHA256: 1b067dce87e8a6c09070fa9f052c28ea3d69fcdcc57c2e569c37d4561b49fcb9
SHA512: c8c57a2ae8d3b678d76cc2c9170a196e5399edce24baf5c27ffb5e0614b25502e09ac92c098b715a1d1cd2e143c08fe54e0fd5f2f52052973d541aa679c3b9c4
SSDEEP: 49152:hDjfDNpDjDjDGDgDJDIDVDxDDDpDsD2DEDsDbDhD6DiDbDhDrDEDuDWT4ArGgvq:hDbDvDjDjDGDgDJDIDVDxDDDpDsD2DEV
Static task: static1
Behavioral task: behavioral1
Sample: 1b067dce87e8a6c09070fa9f052c28ea3d69fcdcc57c2e569c37d4561b49fcb9.exe
Resource: win7-20220901-en
Malware Config (extracted)
Family: pony
URL: http://185.7.35.9/~peakedca/home/gate.php
Targets
Target: 1b067dce87e8a6c09070fa9f052c28ea3d69fcdcc57c2e569c37d4561b49fcb9 (same file as in the General section above; size, MD5, SHA1, SHA256, SHA512 and SSDEEP are identical)
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext