General
Target: 26eabc0421a96de6cce085fa771d4f419876664f1e14978bb6f5b01bd9c3bcb5
Size: 168KB
Sample: 221126-kk4a8aaa9w
MD5: 81d77c62cc4f4d3e5891fe39d4748935
SHA1: 6544ee27b7a2618504f0a8521462dc5eb5a7baa6
SHA256: 26eabc0421a96de6cce085fa771d4f419876664f1e14978bb6f5b01bd9c3bcb5
SHA512: 700a1d2bbbeedd20a867de7ef5c316383f502e657aeb9b2a3fcf0624d3d42e466836672501de604ac17f51e562452de88a44dcf1f6ffae7d892c0429d9f60739
SSDEEP: 3072:XFHNDtQwr6iCkVBfx/+dAbTUvQyoqdvvuA7NhswmX7bWljZK:XBXr6rkzAd4U5vvuAUwmeO
Static task: static1
Behavioral task: behavioral1
  Sample: 26eabc0421a96de6cce085fa771d4f419876664f1e14978bb6f5b01bd9c3bcb5.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 26eabc0421a96de6cce085fa771d4f419876664f1e14978bb6f5b01bd9c3bcb5.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: pony
  http://www.skshospitality.in/js/admin/Panel/gate.php
  payload_url: http://www.skshospitality.in/js/admin/Panel/invoice.exe
Targets
Target: 26eabc0421a96de6cce085fa771d4f419876664f1e14978bb6f5b01bd9c3bcb5
Signatures
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext