General

Target: 83fe7ac2262980a94861891f4a49e3e4fc12aeca2b06bda2e58ff3f4f62eb558
Size: 297KB
Sample: 221126-chp2tagh9w
MD5: c446479bcfeeba0cf0b7df77dff5baef
SHA1: 536fe412431ceac140dc2ac7a2a5d4107551d3fb
SHA256: 83fe7ac2262980a94861891f4a49e3e4fc12aeca2b06bda2e58ff3f4f62eb558
SHA512: 095f454845ddf29c876cf7d5524c15d7345672a6fe74aa09574accecca7e5ef6333e4366790aec10e5f832e0f6f3794ed1dce4189c46f987acb8719d60dea63d
SSDEEP: 6144:NRs9OAwWCadFPSMzW5fJ6GuSjisgGDErz9jkf806MKjYR:NRGOAwWZofLjRgGW948VjY
Static task: static1
Behavioral task: behavioral1
Sample: 83fe7ac2262980a94861891f4a49e3e4fc12aeca2b06bda2e58ff3f4f62eb558.exe
Resource: win7-20220812-en
Malware Config

Extracted family: pony
C2 gate: http://coco-bomgo.ru/wp-content/themes/twentytwelve/admin1/php/gate.php

The gate.php endpoint is the URL a Pony stealer reports harvested credentials to; it sits under a compromised WordPress theme directory, so blocking or alerting on the full URL (not just the domain) is the precise indicator.
Targets

Target: 83fe7ac2262980a94861891f4a49e3e4fc12aeca2b06bda2e58ff3f4f62eb558
Signatures triggered by this target:

- Executes dropped EXE: the sample writes a second executable to disk and runs it.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles: reads Outlook profile and account data from the registry, consistent with Pony's credential harvesting.
- Checks installed software on the system: enumerates Uninstall key entries in the registry to list the software installed on the host.
- Suspicious use of SetThreadContext: rewrites a thread's execution context, a step characteristic of process hollowing and similar injection techniques.
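The signatures listed above and the extracted C2 gate can be re-derived from sandbox-style events. The following is an added example, not the sandbox's own detection logic: the registry key patterns and the process-hollowing API chain are the conventional locations these behaviours are matched on (assumed here, not taken from the report), the event records are constructed, and only the gate URL comes from the extracted config.

```python
"""Re-derive this report's registry, API-sequence and C2 signatures over
sandbox-style events. Added example, not the sandbox's own rules: the key
patterns and the hollowing chain are the conventional ones (assumed), the
event records are constructed, and only the gate URL is from the report."""
import re
from collections import defaultdict

# Registry locations behind the report's signatures. Case-insensitive regexes,
# because sandboxes spell hives differently (HKCU vs \REGISTRY\USER\S-1-5-...).
REGISTRY_SIGNATURES = {
    # Geo is the key and Nation the value; sandboxes log either form.
    "Checks computer location settings":
        r"\\Control Panel\\International\\Geo(\\Nation)?$",
    "Checks installed software on the system":
        r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    # Legacy MAPI profile store and the per-version Office store.
    "Accesses Microsoft Outlook profiles":
        r"\\(Windows Messaging Subsystem|Office\\\d+\.\d+\\Outlook)\\Profiles(\\|$)",
    # Account entries live under this fixed GUID inside a profile.
    "Accesses Microsoft Outlook accounts":
        r"\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676(\\|$)",
}

# C2 gate from the extracted Pony config in this report.
PONY_GATE = "http://coco-bomgo.ru/wp-content/themes/twentytwelve/admin1/php/gate.php"

# What makes SetThreadContext "suspicious": the process-hollowing chain
# (launch suspended, overwrite the image, redirect the thread, resume).
CREATE_SUSPENDED = 0x4
HOLLOWING_CHAIN = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def match_registry(path):
    """Return the report signatures whose key pattern matches this registry path."""
    return sorted(name for name, pat in REGISTRY_SIGNATURES.items()
                  if re.search(pat, path, re.IGNORECASE))


def _host_and_path(url):
    """('host', '/path') with scheme, query string and fragment dropped."""
    rest = url.split("://", 1)[-1].split("#", 1)[0].split("?", 1)[0]
    host, _, path = rest.partition("/")
    return host.lower(), "/" + path


def is_pony_gate(url):
    """Host compared case-insensitively; the path must match the gate exactly."""
    return _host_and_path(url) == _host_and_path(PONY_GATE)


def hollowing_chain_present(api_calls):
    """True if the chain occurs in order (other calls may interleave) and the
    CreateProcess that starts it carried CREATE_SUSPENDED."""
    pos = 0
    for call in api_calls:
        if pos == len(HOLLOWING_CHAIN):
            break
        if call["api"] != HOLLOWING_CHAIN[pos]:
            continue
        if pos == 0 and not call.get("flags", 0) & CREATE_SUSPENDED:
            continue  # a normal, non-suspended launch does not start the chain
        pos += 1
    return pos == len(HOLLOWING_CHAIN)


def triage(events):
    """Group events by the report signature they trigger."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "registry":
            for name in match_registry(ev["path"]):
                hits[name].append(ev["path"])
        elif ev["type"] == "http" and is_pony_gate(ev["url"]):
            hits["Pony C2 gate contacted"].append(ev["url"])
    if hollowing_chain_present([ev for ev in events if ev["type"] == "api"]):
        hits["Suspicious use of SetThreadContext"].append(" -> ".join(HOLLOWING_CHAIN))
    return dict(hits)


# Constructed events modelled on what a sandbox emits; NOT this report's log.
SAMPLE_EVENTS = [
    {"type": "registry", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry", "path": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem"
                                 r"\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"type": "registry", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "api", "api": "CreateProcess", "flags": CREATE_SUSPENDED},
    {"type": "api", "api": "NtUnmapViewOfSection"},
    {"type": "api", "api": "WriteProcessMemory"},
    {"type": "api", "api": "SetThreadContext"},
    {"type": "api", "api": "ResumeThread"},
    {"type": "http", "url": "http://COCO-BOMGO.ru/wp-content/themes/twentytwelve/admin1/php/gate.php"},
    {"type": "http", "url": "http://example.com/wp-content/themes/twentytwelve/admin1/php/gate.php"},
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The Outlook account path deliberately fires both Outlook signatures, mirroring how the report lists them separately: the profile store is the parent of the account GUID key. The gate match ignores query strings and host case but requires the exact path, since the same WordPress theme path on another host is not this C2.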