General
-
Target
feb8ef1b98b0eddaf5cef0efb04654cbd28de14784c494ee86e007a9961e7dfb
-
Size
355KB
-
Sample
221126-cqc28ahe2w
-
MD5
11544aa6c9c379507380849824a5d0e7
-
SHA1
3be186fb7015bccdc9f5d546c0f7f9717a4b3d82
-
SHA256
feb8ef1b98b0eddaf5cef0efb04654cbd28de14784c494ee86e007a9961e7dfb
-
SHA512
6fb6d4fe3ebf535083e44f5ca36d87f8867e5de600846bdb310b573cb5506c00077e2ec71ca6af49d59fb4950143e0c50494bc7d02a214caf799afeb9c161a35
-
SSDEEP
6144:xmyzKzFlFRPNTDN74VN2Aw4hLZ89OvBTqF3ukbf7YNuG7dyuSS/410MJczbHDz8S:xkJd7M189JBfFG5yk410MJAYGZwgT
Static task
static1
Behavioral task
behavioral1
Sample
product.scr
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://190.14.37.80/akpos/Panel/Panelz/gate.php
Targets
-
-
Target
product.scr
-
Size
624KB
-
MD5
fff4955ffce3b5e5260408e7fef6872d
-
SHA1
78b85c6cb35cb007882ecce9602b60cd6c5bae97
-
SHA256
a894c9771d9cf0a526dc628e2aaf508db00fac2cf5f3aa45688b6a10366dc19f
-
SHA512
e50b4668c8247b5c582d8818fdffaa9e4d7eb740197f7fc328b2defdd96b41bc472b04591b6ebfd87ec39e8faf7065b6304b0793270f7ffa7ab4db30d6ba0e75
-
SSDEEP
12288:mcER/WFqpOCIYqv2/eso4QDiWVpDiKiS9BYM1efta7iXS6GnEv0CNisXoNBW9x:mcER/WFqpOCIYqv2/eso4QDiW3DiKiSM
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-