General
Target: a22393320c18e047677b14f04e4a422d603afb0331e9067be0e7c8fe64afb1cd
Size: 492KB
Sample: 221126-eqsh1sed2w
MD5: 7b3cb7eae3f917b6b326c020306b249d
SHA1: 80bed6cd7a0b5f04003667bc8cd31ce68fc7b5b7
SHA256: a22393320c18e047677b14f04e4a422d603afb0331e9067be0e7c8fe64afb1cd
SHA512: 38feb8b1dc91231ea7a57df227321fbc77cf0dc2383083d8aa6d8b2b98cc4b5d51fd3f5bd4a9f6934413ef384c219f4d85b982ec86a4a8f399c9865efffe2778
SSDEEP: 6144:6S8unsXRHvE43VcV8nxPXeHDimeSujM4U:6SrnsBPE432qnleHDhujMd
Static task: static1
Behavioral task: behavioral1
Sample: a22393320c18e047677b14f04e4a422d603afb0331e9067be0e7c8fe64afb1cd.exe
Resource: win7-20220901-en
Malware Config
Extracted
pony
http://vivavideos.com.br/Ki/Panelnew/gate.php
Targets
Target
a22393320c18e047677b14f04e4a422d603afb0331e9067be0e7c8fe64afb1cd
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-