General
- Target: 83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7
- Size: 502KB
- Sample: 221126-slryksch86
- MD5: 9457606ebf74d5fd62845aac2b69a612
- SHA1: e4d2db4317e467a50e2a704facef4c99eca0104d
- SHA256: 83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7
- SHA512: bc5088aa8f35c993ee7292d5e13018c8e502af5f43f82d6492978a7b7fe4a359132d0c09739cff016f326885a4b4e40034eef89b1f29d5bf365830e98d28307a
- SSDEEP: 6144:rLPe61lwBk0wLfWAKDc6D7wSr7Odj0BWbHPMSMt8xO6WKv:rbe6TikzLaND7wSEgVSs8xOcv
Static task
- static1
Behavioral task
- behavioral1
- Sample: 83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7.exe
- Resource: win7-20220812-en
Malware Config
- Extracted family: pony
- C2 gate: http://indianmoneybag.in/wp-content/themes/twentythirteen/obi/Panel/gate.php
Targets
- Target: 83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7
- Size: 502KB
- MD5: 9457606ebf74d5fd62845aac2b69a612
- SHA1: e4d2db4317e467a50e2a704facef4c99eca0104d
- SHA256: 83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7
- SHA512: bc5088aa8f35c993ee7292d5e13018c8e502af5f43f82d6492978a7b7fe4a359132d0c09739cff016f326885a4b4e40034eef89b1f29d5bf365830e98d28307a
- SSDEEP: 6144:rLPe61lwBk0wLfWAKDc6D7wSr7Odj0BWbHPMSMt8xO6WKv:rbe6TikzLaND7wSEgVSs8xOcv
Signatures
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can bail out on hosts in a locale its operator wants to avoid).
- Deletes itself: the original dropper is removed after it has run, so the file on disk is not left for the user or for later collection.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles: together with the accounts access above, this is consistent with Pony's credential stealing, which includes stored mail-client credentials.
- Adds Run key to start application (persistence across logon).
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: overwriting another thread's context is a common step in process hollowing and other code injection, so this usually indicates the payload runs inside a different process than the dropper.
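The behaviours and the extracted C2 gate above translate directly into hunting logic. The following Python is an added example, not part of the sandbox report and not Pony's own code: it maps the report's registry-based signatures onto registry-trace event lines and checks proxy log lines for the extracted gate URL. The event lines and proxy lines are constructed for the example, and the "op|pid|path" event format is an assumed rendering of a sandbox or EDR registry trace; the registry locations used are the standard Windows keys for Run persistence, the Uninstall list, the configured country code, and Outlook/MAPI profiles and their account store.

```python
"""Hunting helpers derived from the indicators in the sandbox report above.

Added example; not sandbox output and not Pony's own code. The log lines are
constructed, and the "op|pid|path" event format is an assumed rendering of
a registry trace.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
SHA256 = "83c4922e09c975250bed099282a4182a1682822f365e0fa34709363b8df6c6e7"
PONY_GATE = ("http://indianmoneybag.in/wp-content/themes/twentythirteen"
             "/obi/Panel/gate.php")

# One rule per registry-based signature in the report:
# (signature name, registry path pattern, operations that count).
# A read of the Run key is not persistence; only a write is.
REGISTRY_RULES = [
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run\\", re.I),
     {"RegSetValue"}),
    ("Checks installed software on the system",
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"}),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
     {"RegQueryValue"}),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\(Windows Messaging Subsystem|Outlook)\\Profiles\\", re.I),
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"}),
    # 9375CFF0413111d3B88A00104B2A6676 is the MAPI account-store subkey.
    ("Accesses Microsoft Outlook accounts",
     re.compile(r"\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676", re.I),
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"}),
]


def match_registry_events(lines):
    """Map each report signature to the registry events that trigger it."""
    hits = {name: [] for name, _, _ in REGISTRY_RULES}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#") or line.count("|") < 2:
            continue
        op, _pid, path = line.split("|", 2)
        for name, pattern, ops in REGISTRY_RULES:
            if op in ops and pattern.search(path):
                hits[name].append(path)
    return hits


def is_pony_gate(url):
    """True when url points at the report's C2 gate.

    Host is compared case-insensitively, path exactly; scheme, port and
    query string are ignored so http/https variants still match.
    """
    want, got = urlsplit(PONY_GATE), urlsplit(url)
    return (got.hostname is not None
            and got.hostname == want.hostname
            and got.path == want.path)


def find_gate_hits(proxy_lines):
    """Return (client, method, url) for proxy log lines hitting the gate."""
    hits = []
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        _ts, client, method, url = fields[:4]
        if is_pony_gate(url):
            hits.append((client, method, url))
    return hits


# Constructed registry trace from an infected host (not real sandbox output).
REGISTRY_EVENTS = r"""
# op|pid|path
RegQueryValue|2212|HKCU\Control Panel\International\Geo\Nation
RegOpenKey|2212|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
RegQueryValue|2212|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
RegQueryValue|2212|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
RegSetValue|2212|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate
RegOpenKey|2212|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
RegQueryValue|2212|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
"""

# Constructed proxy log: timestamp client method url.
PROXY_LOG = """
2022-11-26T13:02:11Z 10.0.0.15 POST http://indianmoneybag.in/wp-content/themes/twentythirteen/obi/Panel/gate.php
2022-11-26T13:02:12Z 10.0.0.15 GET http://indianmoneybag.in/
2022-11-26T13:07:40Z 10.0.0.23 POST HTTPS://INDIANMONEYBAG.IN/wp-content/themes/twentythirteen/obi/Panel/gate.php
"""

if __name__ == "__main__":
    for name, paths in match_registry_events(REGISTRY_EVENTS.splitlines()).items():
        print(f"{len(paths)}x {name}")
    for hit in find_gate_hits(PROXY_LOG.splitlines()):
        print("C2 gate hit:", *hit)
```

The operation filter matters: the sample's own `RegQueryValue` on the Run key (and any legitimate software reading it) does not count as persistence, only the `RegSetValue` does, which keeps the Run rule from firing on every process that enumerates autostarts. The gate check normalises host and ignores scheme because a web server that answers on both 80 and 443 will show up under either in proxy logs.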