General
- Target: 8890c5a051e780e4ed5a965077dd19744a9d7324e77cbc11ebf6dbe691a813c6
- Size: 524KB
- Sample: 221126-t1813sbg7s
- MD5: 925283f4df113495e081da5cb421e34c
- SHA1: 969f6b102bd794be9362a263bf72f4c04ca485a5
- SHA256: 8890c5a051e780e4ed5a965077dd19744a9d7324e77cbc11ebf6dbe691a813c6
- SHA512: 8c2263e7ef2a9c6a5d57a5c302f74a49a4335495fef05e0a0cafc6f3d6ccee862e8840b736cf48947d4e4cc2c86b634f75988be2bff4b9cd04f9bb8da2eb4ecc
- SSDEEP: 12288:gaqpTxy4E2iv8vMX2YD3pfjl4IBExEU/:um4lg8OZfRM/
Static task: static1
Behavioral task: behavioral1
- Sample: 8890c5a051e780e4ed5a965077dd19744a9d7324e77cbc11ebf6dbe691a813c6.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 8890c5a051e780e4ed5a965077dd19744a9d7324e77cbc11ebf6dbe691a813c6.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- pony
- http://91.220.163.21/pony/gate.php
Targets
- Target: 8890c5a051e780e4ed5a965077dd19744a9d7324e77cbc11ebf6dbe691a813c6
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext