General
-
Target
a0adc790907eb9deaa6eee79194386aeaa5b05917b38ea48e70148f6379d3465
-
Size
327KB
-
Sample
221126-fg4qcsda27
-
MD5
4943388126d9d718ebde510c47c60642
-
SHA1
3b94eda32cec5981cf4d2e5c6d924a3119f7075e
-
SHA256
a0adc790907eb9deaa6eee79194386aeaa5b05917b38ea48e70148f6379d3465
-
SHA512
33437912eef5d5b838b5664c76d8c014a5d58f1dfd8f8eeca9e1549c58ec53e34e645ce73903608d7e2823014931751bbf82e7d04ef4eaa63766a14f08f5b6b1
-
SSDEEP
6144:dUrqA3AheuswyPnJ5ejM6bfx8/6AwUSj9:dUWA3AheuswysJ8/xwU29
Static task
static1
Behavioral task
behavioral1
Sample
a0adc790907eb9deaa6eee79194386aeaa5b05917b38ea48e70148f6379d3465.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://uche.fh2web.com/secure/secure.php
Targets
-
Target
a0adc790907eb9deaa6eee79194386aeaa5b05917b38ea48e70148f6379d3465
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-