General
Target: 8583a7b27f2f08665cfd9bfe81a58cac45fda9ea93f48cb226e5c818326895aa
Size: 2.1MB
Sample: 221126-1bqa1aad7v
MD5: 3aee1d3b499fdcbb350151761e99bad3
SHA1: b8835a0230b87317d795301712bd9fba049f4928
SHA256: 8583a7b27f2f08665cfd9bfe81a58cac45fda9ea93f48cb226e5c818326895aa
SHA512: 872911943165a5b059008e5b83e74aed5f17274e67dab086a7f86ad7c517b84e56d062daccc29316a78e2875dff05907a51a74d19b0d66b431a92a66d16128a9
SSDEEP: 49152:A0l4lo5JJ41mCsXBbKu6pYfSaiLphjORS85V0wKt4dZC6hAAAAXt:A0qqB41tZbqGjYS2KhWC6O
Static task: static1
Behavioral task: behavioral1
  Sample: 8583a7b27f2f08665cfd9bfe81a58cac45fda9ea93f48cb226e5c818326895aa.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 8583a7b27f2f08665cfd9bfe81a58cac45fda9ea93f48cb226e5c818326895aa.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
http://rebeccasun.webatu.com/pony/gate.php
Score: 10/10
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext