General
Target: 3b5c90a99d6c734868404b94e1d9ebb8def20627e442eb533f07dd1028e80b15
Size: 185KB
Sample: 221126-fgfzasgc2y
MD5: 868d47377da64609639783a27959443c
SHA1: cccd396277b901228e49d08bc45f5f0fa3b56cf6
SHA256: 3b5c90a99d6c734868404b94e1d9ebb8def20627e442eb533f07dd1028e80b15
SHA512: 17cd41532200c195ba63791ec65d3d77bb41a56b212017c2f5bf99cbc06a5d4f0f5c56488522f3c9c4720ce8d7ed9df9b56dafcab2850b69b050c4ca1c1d092b
SSDEEP: 3072:ZZI24z6lbLGzkVPXAUWXqB8HFYfWIvzIEde7AkdCXcCIDwmZYSCrYsMHIl:ZZl42ikVfEqBbfWIb7eHDymeSujMHY
Static task: static1
Behavioral task: behavioral1
  Sample: New PI sample prodcuts.exe
  Resource: win7-20220901-en
Malware Config
Extracted
pony
http://vivavideos.com.br/Ki/Panelnew/gate.php
Targets
Target: New PI sample prodcuts.exe
Size: 492KB
MD5: 7b3cb7eae3f917b6b326c020306b249d
SHA1: 80bed6cd7a0b5f04003667bc8cd31ce68fc7b5b7
SHA256: a22393320c18e047677b14f04e4a422d603afb0331e9067be0e7c8fe64afb1cd
SHA512: 38feb8b1dc91231ea7a57df227321fbc77cf0dc2383083d8aa6d8b2b98cc4b5d51fd3f5bd4a9f6934413ef384c219f4d85b982ec86a4a8f399c9865efffe2778
SSDEEP: 6144:6S8unsXRHvE43VcV8nxPXeHDimeSujM4U:6SrnsBPE432qnleHDhujMd
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext