General
- Target: 9b464b46db0565e1334489f4c8c3e8e95e2745cf004359e5481f2aff2a53b02e
- Size: 387KB
- Sample: 221126-ssqdbsde34
- MD5: a741783a1f52bf93e866c22045e8a5e6
- SHA1: 99d75ec9655e47ab33a2fd9110ed31cb4a76f9bb
- SHA256: 9b464b46db0565e1334489f4c8c3e8e95e2745cf004359e5481f2aff2a53b02e
- SHA512: 2eddaa662e9b755819927e155eea560eaa34b879ee5f0782443b99940e58ebb3591fc4f76d698aa1303bc86185bd907c98e07c34ffe63a3bb0d3f7fbb02d2fa4
- SSDEEP: 12288:dvE2FOWkA1usZkaLHx7KA4x6Srrm8pIV7rXo/6O:dvxsCA
Static task: static1
Behavioral task: behavioral1
- Sample: 9b464b46db0565e1334489f4c8c3e8e95e2745cf004359e5481f2aff2a53b02e.exe
- Resource: win7-20220812-en
Malware Config
Extracted: pony
- http://king.lixter.com/gate.php
- http://king.lixter.com/admin.php
- payload_url: http://king.lixter.com/shit.exe
Targets
- Target: 9b464b46db0565e1334489f4c8c3e8e95e2745cf004359e5481f2aff2a53b02e
- Size: 387KB
- MD5: a741783a1f52bf93e866c22045e8a5e6
- SHA1: 99d75ec9655e47ab33a2fd9110ed31cb4a76f9bb
- SHA256: 9b464b46db0565e1334489f4c8c3e8e95e2745cf004359e5481f2aff2a53b02e
- SHA512: 2eddaa662e9b755819927e155eea560eaa34b879ee5f0782443b99940e58ebb3591fc4f76d698aa1303bc86185bd907c98e07c34ffe63a3bb0d3f7fbb02d2fa4
- SSDEEP: 12288:dvE2FOWkA1usZkaLHx7KA4x6Srrm8pIV7rXo/6O:dvxsCA
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext