General
-
Target
3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116
-
Size
596KB
-
Sample
221126-g47k7sca9z
-
MD5
a695eff1bd4db157ed9cb110e73d2458
-
SHA1
ad0cf332a3ccb73d7c6eb541c9eda98b77a0acfa
-
SHA256
3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116
-
SHA512
140507fab257ce37a37718f9eefe8b237f4179ee06ddc2bdd072fe2c8e5f8d011f385cfbd2e21fc1f6bd4d21e02db621f4d03c631e5186d1b7e6cc0326bc6cc7
-
SSDEEP
6144:d/dXwHf6Go1Lz5jlMaGYq9SJYJf6icbjBSpRoDomlZDd0+MhoMnX+GGjGGtGGxG2:/wyGoV5jlMeYACojFMuMnXPMGh
Static task
static1
Behavioral task
behavioral1
Sample
3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116.exe
Resource
win7-20220901-en
Malware Config
Extracted
-
Family
pony
-
C2
http://www.creativehands.org.np/wp-admin/netw/new/gate.php
-
payload_url
http://www.creativehands.org.np/wp-admin/netw/new/micro.exe
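The two URLs above are the actionable output of this report: the gate is where Pony posts harvested credentials, and micro.exe is the second stage it fetches. The script below turns them into hunt indicators and runs them over a web-proxy log. It is an added example, not part of the sandbox output or of the sample; the Squid-style log format, the log lines and the function names are constructed for illustration.

```python
"""Turn the extracted Pony configuration into hunt indicators and run them
over a web-proxy log. Example code added to this report, not sandbox output;
the log format and the lines below are constructed for illustration."""
import re
from urllib.parse import urlparse

# Indicators copied from the "Malware Config" section of this report.
PONY_C2 = "http://www.creativehands.org.np/wp-admin/netw/new/gate.php"
PONY_PAYLOAD_URL = "http://www.creativehands.org.np/wp-admin/netw/new/micro.exe"

# Constructed Squid-style lines: unix_time client method url status.
SAMPLE_PROXY_LOG = """\
1669400001.123 10.0.0.15 GET http://www.creativehands.org.np/wp-admin/netw/new/micro.exe 200
1669400002.456 10.0.0.15 POST http://www.creativehands.org.np/wp-admin/netw/new/gate.php 200
1669400003.789 10.0.0.22 GET http://example.com/index.html 200
1669400004.000 10.0.0.31 GET http://www.creativehands.org.np/wp-admin/netw/new/index.php 404
1669400005.250 10.0.0.15 POST http://www.creativehands.org.np/wp-admin/netw/new/gate.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def iocs_from_config(c2: str, payload_url: str) -> dict:
    """Split the two URLs into host, exact paths and their shared directory,
    so a hunt also catches renamed files dropped into the same kit directory."""
    c2_p, pay_p = urlparse(c2), urlparse(payload_url)
    return {
        "hosts": sorted({c2_p.hostname, pay_p.hostname}),
        "c2_path": c2_p.path,
        "payload_path": pay_p.path,
        "directory": c2_p.path.rsplit("/", 1)[0] + "/",
    }


def hunt_proxy_log(log_text: str, iocs: dict) -> list:
    """Return one hit per log line that touches the C2 host, classified by
    how closely the requested path matches the extracted configuration."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlparse(m["url"])
        if u.hostname not in iocs["hosts"]:
            continue
        if u.path == iocs["c2_path"]:
            kind = "c2_gate"            # POST here = credential submission
        elif u.path == iocs["payload_path"]:
            kind = "payload_download"   # stage-2 binary fetched
        elif u.path.startswith(iocs["directory"]):
            kind = "same_kit_directory"  # other artifact of the same kit
        else:
            kind = "c2_host_other"      # compromised site, unrelated path
        hits.append({"client": m["client"], "kind": kind,
                     "method": m["method"], "status": int(m["status"])})
    return hits


def clients_to_triage(hits: list) -> dict:
    """Group hit kinds by client. A client that both fetched micro.exe and
    posted to gate.php has run the sample and reached the gate."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h["client"], set()).add(h["kind"])
    return {client: sorted(kinds) for client, kinds in by_client.items()}


if __name__ == "__main__":
    iocs = iocs_from_config(PONY_C2, PONY_PAYLOAD_URL)
    hits = hunt_proxy_log(SAMPLE_PROXY_LOG, iocs)
    for hit in hits:
        print(hit)
    print(clients_to_triage(hits))
```

Matching on the shared directory prefix rather than only the two exact URLs is deliberate: Pony kits on a compromised web server normally sit in one directory, and the operator can rename micro.exe without touching the rest of the path. Block the host at the proxy, but hunt on the directory.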
Targets
-
Target
3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116
-
Checks computer location settings
Reads the country or region code configured in the registry (the user's Windows GeoID), likely a geofence: stealers commonly use it to refuse to run in particular countries.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Enumerates the Uninstall key entries in the registry to list the software installed on the system.
-
Suspicious use of SetThreadContext
Sets the register context of a thread in another process. Together with a child created suspended, a WriteProcessMemory and a ResumeThread this is the process-hollowing injection sequence; the report records only the call, so those surrounding calls are what to confirm in the API trace.
-
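The signatures above are behaviours a sandbox derives from its API and registry trace. The script below replays a constructed trace against the same behaviours so the registry locations and the SetThreadContext chain are explicit. It is an added example, not sandbox code; the `pid | api | argument` trace format and the trace lines are invented for illustration. The registry paths are the standard Windows locations (GeoID under Control Panel\International\Geo, the Uninstall key, MAPI profiles and the 9375CFF0413111d3B88A00104B2A6676 account-store subkey under each profile).

```python
"""Replay a constructed API/registry trace against the behaviours listed in
this report. Added example, not sandbox output; the trace format
(pid | api | argument) and the trace lines are made up for illustration."""
import re
from collections import defaultdict

SAMPLE_NAME = "3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116.exe"

# Registry-based behaviours keyed by the signature name the sandbox printed.
# Paths are standard Windows locations; the GUID is the Outlook account-store
# subkey that sits under every MAPI profile.
REGISTRY_SIGNATURES = {
    "Checks computer location settings":
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    "Checks installed software on the system":
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "Accesses Microsoft Outlook profiles":
        re.compile(r"\\(Office\\\d+\.\d+\\Outlook|Windows Messaging Subsystem)\\Profiles(\\|$)", re.I),
    "Accesses Microsoft Outlook accounts":
        re.compile(r"\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676(\\|$)", re.I),
}

LINE_RE = re.compile(r"^(?P<pid>\d+) \| (?P<api>\w+) \| (?P<arg>.*)$")
FLAGS_RE = re.compile(r"flags=0x([0-9a-fA-F]+)")
CREATE_SUSPENDED = 0x4

# Constructed trace (pid | api | argument); not a capture from this sample.
SAMPLE_TRACE = r"""
1234 | RegQueryValueExW | HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
1234 | RegEnumKeyExW | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 | RegOpenKeyExW | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
1234 | RegEnumValueW | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
1234 | CreateProcessW | C:\Windows\System32\svchost.exe flags=0x4
1234 | WriteProcessMemory | pid=2048
1234 | SetThreadContext | tid=2052
1234 | ResumeThread | tid=2052
1234 | CreateProcessW | cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\3b10c37fcd1e6f1d4a05c8eb5a504eebc6d9d24e7c86162ed22e7e99e0194116.exe" flags=0x8000000
5555 | RegQueryValueExW | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"""


def detect_behaviours(trace_text: str, sample_name: str = SAMPLE_NAME) -> dict:
    """Return {signature name: [evidence lines]} for a pid | api | arg trace."""
    hits = defaultdict(list)
    # Per-pid state for the hollowing chain that usually explains a
    # SetThreadContext hit: CreateProcess(CREATE_SUSPENDED) ->
    # WriteProcessMemory -> SetThreadContext -> ResumeThread.
    suspended_child = defaultdict(bool)
    wrote_memory = defaultdict(bool)
    self_delete_re = re.compile(
        r"cmd(\.exe)?\b.*\bdel\b.*" + re.escape(sample_name), re.I)

    for raw in trace_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        pid, api, arg = m["pid"], m["api"], m["arg"]

        if api.startswith("Reg"):
            for name, pattern in REGISTRY_SIGNATURES.items():
                if pattern.search(arg):
                    hits[name].append(raw)
            continue

        if api == "CreateProcessW":
            f = FLAGS_RE.search(arg)
            flags = int(f.group(1), 16) if f else 0
            if flags & CREATE_SUSPENDED:
                suspended_child[pid] = True
            if self_delete_re.search(arg):
                hits["Deletes itself"].append(raw)
        elif api == "WriteProcessMemory":
            wrote_memory[pid] = True
        elif api == "SetThreadContext":
            # Every call is reported, as the sandbox does; the full chain is
            # recorded separately so hollowing can be told from a lone call.
            hits["Suspicious use of SetThreadContext"].append(raw)
            if suspended_child[pid] and wrote_memory[pid]:
                hits["Process hollowing chain"].append(raw)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect_behaviours(SAMPLE_TRACE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The separate "Process hollowing chain" result is the caveat from the signature list: a bare SetThreadContext is only suspicious, while the same call after a suspended CreateProcess and a WriteProcessMemory from the same pid is the injection pattern worth escalating on.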