General
-
Target
d96cc84761813a7778fd6447f672776f7321cce321950b5de58e8a45ef0589a4
-
Size
146KB
-
Sample
221125-z5gqaaaf5t
-
MD5
dc3d90bb3f23edf6948016dec399f1d1
-
SHA1
96bbb9ce9e72130f6ec0730e9d8e65aff972d52d
-
SHA256
d96cc84761813a7778fd6447f672776f7321cce321950b5de58e8a45ef0589a4
-
SHA512
9ad9ef8923fd5291d0361e2d02c90916eb1a4d9695d79beb060a24d8e8d43203ed419f127d6246c7828f57883315c3d1db1c1f501023aca584beaa1b75edf6f1
-
SSDEEP
3072:nwQMZvj7qcpjE2mbHie0viBKGRyrfgFW+pl9Jwb2yax5QqrmMxPFKXzGm8S5Q+:ij7qchEXdwazJJyax5QqSMxPFKXv5Q+
Static task
static1
Behavioral task
behavioral1
Sample
d96cc84761813a7778fd6447f672776f7321cce321950b5de58e8a45ef0589a4.exe
Resource
win7-20220901-en
Malware Config
Extracted
Family
pony
-
C2
http://abalinaa.in/Panel/gate.php
-
payload_url
http://abalinaa.in/Panel/micro.exe
Targets
-
Target
d96cc84761813a7778fd6447f672776f7321cce321950b5de58e8a45ef0589a4
-
Checks computer location settings
Looks up the country code configured in the registry (the locale settings under Control Panel\International), likely a geofence: the sample can decide not to run, or to behave differently, in selected countries.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
Reads the Outlook profile and account keys under HKCU, where mail account settings and stored (DPAPI-protected) passwords live; consistent with Pony's mail-client credential theft.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the final step of process hollowing (RunPE): a child is created suspended, the payload is written into it, the entry point is redirected with SetThreadContext and the thread is resumed. The signature records the API use only; confirm the full sequence (CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread against the same child) in the API trace before calling it hollowing.
-
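The sandbox labels above (and the extracted C2 and payload_url in the Malware Config section) are only names for patterns in the API trace. The following added example, which is not part of the report and not the sandbox's own signature code, re-implements each label as a check over a constructed API trace so the observable behind each name is explicit. The trace, the pids, the sample path and the registry paths that each check keys on (Control Panel\International for the locale lookup, the Uninstall key, the Outlook profile keys) are assumptions chosen to match the descriptions; the two URLs are the ones listed in the report's extracted config.

```python
"""Re-implement this report's behavioral signatures over a constructed API trace."""
import re
from dataclasses import dataclass

# Pony config as listed in the report (the only non-constructed values here).
PONY_CONFIG = {
    "c2": "http://abalinaa.in/Panel/gate.php",
    "payload_url": "http://abalinaa.in/Panel/micro.exe",
}
CREATE_SUSPENDED = 0x4
UNINSTALL_KEY = r"\Microsoft\Windows\CurrentVersion\Uninstall"
OUTLOOK_KEYS = (r"\Windows Messaging Subsystem\Profiles", r"\Outlook\Profiles")
REG_APIS = ("RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW")


@dataclass(frozen=True)
class Event:
    pid: int   # process that issued the call
    api: str   # Win32 API name as a sandbox would log it
    args: dict


# Constructed trace (illustrative, not the sample's real log); path and pids are assumed.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\d96cc84761813a7778fd6447f672776f7321cce321950b5de58e8a45ef0589a4.exe"
TRACE = [
    Event(1234, "RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}),
    Event(1234, "RegQueryValueExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"}),
    Event(1234, "RegOpenKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Event(1234, "RegEnumKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0}),
    Event(1234, "RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"}),
    Event(1234, "RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001"}),
    Event(1234, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "new_pid": 2222}),
    Event(1234, "WriteProcessMemory", {"target_pid": 2222, "size": 0x2000}),
    Event(1234, "SetThreadContext", {"target_pid": 2222}),
    Event(1234, "ResumeThread", {"target_pid": 2222}),
    Event(1234, "HttpSendRequestW", {"method": "POST", "url": "http://abalinaa.in/Panel/gate.php"}),
    Event(1234, "InternetOpenUrlW", {"url": "http://abalinaa.in/Panel/micro.exe"}),
    Event(1234, "CreateProcessW", {"image": r"C:\Windows\System32\cmd.exe",
                                   "cmdline": f'cmd.exe /c del "{SAMPLE_PATH}"', "flags": 0, "new_pid": 3333}),
]


def _reg_events(trace):
    return [e for e in trace if e.api in REG_APIS]


def checks_location(trace):
    """'Checks computer location settings': any registry access under Control Panel\\International."""
    return any(r"\Control Panel\International" in e.args.get("key", "") for e in _reg_events(trace))


def enumerates_installed_software(trace):
    """'Checks installed software': subkey enumeration of the Uninstall key."""
    return any(e.api == "RegEnumKeyExW" and e.args["key"].endswith(UNINSTALL_KEY) for e in trace)


def accesses_outlook_profiles(trace):
    """'Accesses Microsoft Outlook profiles/accounts': reads under the Outlook profile keys."""
    return any(k in e.args.get("key", "") for e in _reg_events(trace) for k in OUTLOOK_KEYS)


def thread_context_hijack(trace):
    """'Suspicious use of SetThreadContext', tightened to the hollowing sequence: returns pids of
    children created suspended, written to, and retargeted with SetThreadContext."""
    suspended = {e.args["new_pid"] for e in trace
                 if e.api == "CreateProcessW" and e.args["flags"] & CREATE_SUSPENDED}
    written = {e.args["target_pid"] for e in trace if e.api == "WriteProcessMemory"}
    retargeted = {e.args["target_pid"] for e in trace if e.api == "SetThreadContext"}
    return sorted(suspended & written & retargeted)


def deletes_itself(trace, sample_path):
    """'Deletes itself': DeleteFileW on the sample, or a spawned 'del' naming the sample path."""
    for e in trace:
        if e.api == "DeleteFileW" and e.args.get("path", "").lower() == sample_path.lower():
            return True
        cmdline = e.args.get("cmdline", "")
        if (e.api == "CreateProcessW" and re.search(r"\bdel\b", cmdline, re.I)
                and sample_path.lower() in cmdline.lower()):
            return True
    return False


def matches_config(trace, config):
    """Which of the extracted-config URLs the trace actually contacted."""
    urls = {e.args["url"] for e in trace if "url" in e.args}
    return {name: url in urls for name, url in config.items()}


def run_signatures(trace=TRACE, sample_path=SAMPLE_PATH, config=PONY_CONFIG):
    return {
        "checks_location": checks_location(trace),
        "deletes_itself": deletes_itself(trace, sample_path),
        "accesses_outlook_profiles": accesses_outlook_profiles(trace),
        "checks_installed_software": enumerates_installed_software(trace),
        "setthreadcontext_hollowing_pids": thread_context_hijack(trace),
        "config_urls_contacted": matches_config(trace, config),
    }


if __name__ == "__main__":
    for name, hit in run_signatures().items():
        print(f"{name}: {hit}")
```

The hollowing check deliberately requires all three steps against the same child rather than firing on SetThreadContext alone, which is the distinction the report's bare signature name does not make; on a real trace, feed it the sandbox's exported API log in the same event shape.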