General
Target: 34447d74a502b3bd45c648f6137a7e1e5da532cd24f7a318b6e87a1a42e57f41
Size: 187KB
Sample: 221126-s4bpbahd4z
MD5: 68b4ca99283c6099e6b07994d93ecbbb
SHA1: 8b26dcf97f6ad64ab20712d61ac7ca328cb584be
SHA256: 34447d74a502b3bd45c648f6137a7e1e5da532cd24f7a318b6e87a1a42e57f41
SHA512: 95809b747178739ede228109dbefb61cb4bccd7be3982b50abddf2b5e6dda2ca3dfc4a55aed484af603a77864915e4d1647b6a6da44df64bf60b6c2b7f24f5b3
SSDEEP: 3072:ungmqO1OfS/LnFZeQ9TiKqVmJAy/ty2WS3gBh39QLTvNaJS7X9hkU:uXZ/L/r9gq/tyrBh36NaU7X9h
Static task: static1
Behavioral task: behavioral1
  Sample: 34447d74a502b3bd45c648f6137a7e1e5da532cd24f7a318b6e87a1a42e57f41.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 34447d74a502b3bd45c648f6137a7e1e5da532cd24f7a318b6e87a1a42e57f41.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: pony
  http://silverspoontech.co.in/bogy/Panel/gate.php
  payload_url: http://silverspoontech.co.in/bogy/Panel/shit.exe
Targets
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext