General
-
Target
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90
-
Size
1.9MB
-
Sample
221126-kj3y3afa65
-
MD5
15a9103d4b99fcd908c1048b02aeb8f8
-
SHA1
f7df8f1f0e1c5a2183f4e2d705e25588e63f67e0
-
SHA256
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90
-
SHA512
b50e6237942aee5f40dc27dc69361ad468c689ce48e4703f0386f001da767794c29ba35fadf0bcb899c42778906021bb17b12f93ec218acfff9ee0d3de48c55a
-
SSDEEP
49152:2rzKZmTHjNLbRAGWe4cqPLylFyaJcrRUQ:UKZmTDNLbRAGocqPLylFyaJcrRUQ
Static task
static1
Behavioral task
behavioral1
Sample
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://usgroupe.ma/wp-admin/reet/gate.php
Targets
-
-
Target
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90
-
Size
1.9MB
-
MD5
15a9103d4b99fcd908c1048b02aeb8f8
-
SHA1
f7df8f1f0e1c5a2183f4e2d705e25588e63f67e0
-
SHA256
42f87570f9be56966cef8d3aca72509d14125d3ecb5504b2f7ec7bdf54118a90
-
SHA512
b50e6237942aee5f40dc27dc69361ad468c689ce48e4703f0386f001da767794c29ba35fadf0bcb899c42778906021bb17b12f93ec218acfff9ee0d3de48c55a
-
SSDEEP
49152:2rzKZmTHjNLbRAGWe4cqPLylFyaJcrRUQ:UKZmTDNLbRAGocqPLylFyaJcrRUQ
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-