General
Target: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639
Size: 146KB
Sample: 221126-be8t3sec2x
MD5: 0596c354d3bc4a70f76e86ac44e5179e
SHA1: de5db12f41c299116aeaf27d1d6b66c1649d3890
SHA256: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639
SHA512: 424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d
SSDEEP: 3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW
Static task: static1
Behavioral task: behavioral1
  Sample: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted config (pony): http://185.7.35.9/~peakedca/home/gate.php
Targets
Target: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639
Size: 146KB
MD5: 0596c354d3bc4a70f76e86ac44e5179e
SHA1: de5db12f41c299116aeaf27d1d6b66c1649d3890
SHA256: b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639
SHA512: 424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d
SSDEEP: 3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW
Score: 10/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
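The extracted Pony gate URL and the file hashes above are the concrete indicators a responder can act on. The script below is an added example, not part of the sandbox report, that turns them into a check: it classifies proxy-log URLs as a full gate hit (same host and path, ignoring port, query string and path case) or a weaker host-only hit, and compares a file's digests against the reported MD5/SHA1/SHA256. The log format (client, method, URL, status) and the log lines themselves are constructed for illustration; only the URL and hashes come from the report.

```python
"""IOC matching for the Pony sample analysed above (added example, not report content)."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken verbatim from the report.
PONY_GATE_URL = "http://185.7.35.9/~peakedca/home/gate.php"
SAMPLE_HASHES = {
    "md5": "0596c354d3bc4a70f76e86ac44e5179e",
    "sha1": "de5db12f41c299116aeaf27d1d6b66c1649d3890",
    "sha256": "b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639",
}

_GATE = urlsplit(PONY_GATE_URL)

# Constructed proxy log: "<client> <method> <url> <status>" (assumed layout, not a real log).
SAMPLE_PROXY_LOG = """\
10.0.0.12 POST http://185.7.35.9/~peakedca/home/gate.php 200
10.0.0.15 GET http://example.com/index.html 200
10.0.0.12 POST http://185.7.35.9:80/~PEAKEDCA/home/gate.php?x=1 200
10.0.0.20 GET http://185.7.35.9/ 404
"""

_LOG_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url: str):
    """Return "gate" for the exact Pony gate (host + path), "host" for any other
    request to the gate host, or None if unrelated. Port, query and case are ignored
    so trivial URL variations do not evade the match."""
    parts = urlsplit(url)
    if parts.hostname != _GATE.hostname:
        return None
    if parts.path.lower() == _GATE.path.lower():
        return "gate"
    return "host"


def scan_proxy_log(text: str):
    """Parse constructed-format log lines and return (client, method, verdict) for
    every request touching the gate host; malformed lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = _LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict is not None:
            hits.append((m["client"], m["method"], verdict))
    return hits


def match_file_hashes(data: bytes):
    """Return the set of digest names whose value equals the reported sample hash."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name for name, value in digests.items() if SAMPLE_HASHES[name] == value}


if __name__ == "__main__":
    for client, method, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} {method} -> {verdict}")
    # A file on disk would be read as bytes and passed here; this constructed
    # payload is not the sample, so no digest matches.
    print("hash matches:", match_file_hashes(b"constructed benign content"))
```

A host-only hit is worth triaging but is not by itself evidence of the Pony check-in, since the shared host may serve unrelated content; the "gate" verdict is the one to alert on, and a POST from the same client (the report's sample exfiltrates to gate.php) is the pattern to prioritise.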