General
Target: 7de1bf92bf36e8bc2affa006547ff2809a927a2d489ae8b34c2d57b83b88b9c0
Size: 596KB
Sample: 221126-jkga1scg57
MD5: 3bd0f5a04952c1f522e51b509c12a370
SHA1: 0c788da376cc061c393d9deec22b759c195020fb
SHA256: 7de1bf92bf36e8bc2affa006547ff2809a927a2d489ae8b34c2d57b83b88b9c0
SHA512: 838184f5f20ec29fda8965447be81eb254fb5f49c1468a83654a868ee7d8fcce75d651252f1781e3998810658d489498b5de2bd76c59c1f0cd051d671b05ad23
SSDEEP: 12288:ko0ZjcnNr3SP4Ybgob0vSZcVm/IMnfiNAKrObQnOxTYS:kPZjcnx64eIvFMIQ6PrOcnCYS
Static task: static1
Behavioral task: behavioral1
Sample: 7de1bf92bf36e8bc2affa006547ff2809a927a2d489ae8b34c2d57b83b88b9c0.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: pony
C2: http://osinachi.site40.net/helo/gate.php
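The hashes and the extracted Pony gate URL above are the indicators a responder would sweep for. The script below is an added example, not part of the sandbox report: it embeds the report's digests and C2 URL, hashes files under a directory to find copies of the sample, and scans proxy log lines for requests to the gate, matching the host case-insensitively and ignoring port and query string so that trivial URL variants are not missed. The log line format and the sample log entries are constructed for the example.

```python
import hashlib
import re
import sys
from pathlib import Path
from urllib.parse import urlsplit

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "3bd0f5a04952c1f522e51b509c12a370",
    "sha1": "0c788da376cc061c393d9deec22b759c195020fb",
    "sha256": "7de1bf92bf36e8bc2affa006547ff2809a927a2d489ae8b34c2d57b83b88b9c0",
}
C2_URL = "http://osinachi.site40.net/helo/gate.php"


def _digests_of(chunks):
    """Feed an iterable of byte chunks into md5/sha1/sha256 at once."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    return _digests_of([data])


def hash_file(path):
    """Stream the file in 1 MiB chunks so large files do not load into memory."""
    with open(path, "rb") as fh:
        return _digests_of(iter(lambda: fh.read(1 << 20), b""))


def matches_sample(path):
    """True if any digest of the file equals the corresponding report digest."""
    digests = hash_file(path)
    return any(digests[k] == v for k, v in IOC_HASHES.items())


def sweep_directory(root):
    """Return paths under root whose hash matches the sample."""
    return sorted(str(p) for p in Path(root).rglob("*")
                  if p.is_file() and matches_sample(p))


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def url_matches_c2(url, c2=C2_URL):
    """Compare hostname (lower-cased by urlsplit) and path; ignore port and query."""
    a, b = urlsplit(url), urlsplit(c2)
    return a.hostname == b.hostname and a.path == b.path


def find_c2_beacons(lines):
    """Return (timestamp, client, method) for every request to the Pony gate."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and url_matches_c2(m["url"]):
            hits.append((m["ts"], m["client"], m["method"]))
    return hits


# Constructed log lines; only the first and third are requests to the gate.
SAMPLE_LOG = """\
2022-11-26T10:15:02Z 10.0.0.14 POST http://osinachi.site40.net/helo/gate.php 200
2022-11-26T10:15:09Z 10.0.0.14 GET http://www.example.com/ 200
2022-11-26T10:16:41Z 10.0.0.27 POST http://OSINACHI.site40.net:80/helo/gate.php?id=1 200
2022-11-26T10:17:00Z 10.0.0.31 GET http://osinachi.site40.net/helo/index.php 404
not a log line
"""

if __name__ == "__main__":
    for ts, client, method in find_c2_beacons(SAMPLE_LOG.splitlines()):
        print(f"C2 beacon: {ts} {client} {method}")
    if len(sys.argv) > 1:
        for path in sweep_directory(sys.argv[1]):
            print(f"sample found: {path}")
```

Pony exfiltrates harvested credentials with an HTTP POST to the gate, so a POST to this path from an internal client is the high-confidence hit; a GET to the same path is still worth triage. Run with a directory argument to hash-sweep it.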
Targets
Target: 7de1bf92bf36e8bc2affa006547ff2809a927a2d489ae8b34c2d57b83b88b9c0 (596KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the stealer skips hosts in excluded regions.
- Loads dropped DLL
- Modifies file permissions
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles (both consistent with Pony harvesting stored mail-client credentials)
- Suspicious use of SetThreadContext: typical of process hollowing, where a suspended child's thread context is rewritten to start at injected code.