General

Target: cd0df6ec9a8e3fdc2d741f0a79a14d5b6dcae97fd5ca72a601c07b9c63007859
Size: 168KB
Sample: 221126-kbt17aef99
MD5: 053c8e6d02767e5041dd456189905b70
SHA1: 94a45535f2a1d1d227e1dacdf4f79301fda3caaa
SHA256: cd0df6ec9a8e3fdc2d741f0a79a14d5b6dcae97fd5ca72a601c07b9c63007859
SHA512: 129e46ae8e370aeb472d4b45e9a04da6ba6d6ba53a65295a9b92fed646d3171e1168e2efde9c6fcfefcaa4c10439b618ccdad2f77ebd631f49f5b7a996d9f333
SSDEEP: 3072:3WPJKas11QoA0J0E25UNhwTHXhm+kI0zSPqDhMq9i79mjt1L:3WPJKl11Q27MA9zMahMq9ec51
Static task: static1
Behavioral task: behavioral1
Sample: cd0df6ec9a8e3fdc2d741f0a79a14d5b6dcae97fd5ca72a601c07b9c63007859.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: pony
C2: http://software.0pu.ru/Panel/gate.php
Targets

Target: cd0df6ec9a8e3fdc2d741f0a79a14d5b6dcae97fd5ca72a601c07b9c63007859
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext