General
Target: 5908ee35ba3fd88b7ffbc657655d51fc2a4be65198c8dfb7034ab2c4b15ea60c
Size: 84KB
Sample: 221126-kbp28sef96
MD5: bf5256a9a0cd4542cac9d4334628ebea
SHA1: a5ef591fc68dfbc6787c31dd030c55c82d67902e
SHA256: 5908ee35ba3fd88b7ffbc657655d51fc2a4be65198c8dfb7034ab2c4b15ea60c
SHA512: dcd81038eac1d300483df81555178f8e92e83cd1ece9a262e7b02609d2682f1ba60b9996b8ec66b6b945d03756190b678064b949f0037790b84214a7afa7598a
SSDEEP: 1536:IByI/qNTqFeUVk19k3yhI9isTY8JvqMIruYZ7iR3cu/OY6LCtR:GyIiTJ/ZuYMTs7u/OYQYR
Static task: static1
Behavioral task: behavioral1
Sample: 5908ee35ba3fd88b7ffbc657655d51fc2a4be65198c8dfb7034ab2c4b15ea60c.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://sweetstrass.com/css/pony/Panel/gate.php
payload_url: http://sweetstrass.com/css/pony/Panel/Purchase Order.exe
Targets
Target: 5908ee35ba3fd88b7ffbc657655d51fc2a4be65198c8dfb7034ab2c4b15ea60c
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext