General
- Target: cf16860894597ff36e93ced6cdd681b90156e254419a4ad9dbde6aebf5c3166f
- Size: 134KB
- Sample: 221126-th4nmsae6t
- MD5: ac2dc3101f04217a7298be46988676c9
- SHA1: 088b5b41f2ff31fa83a8fe37e4acbfab8a8d7c6b
- SHA256: cf16860894597ff36e93ced6cdd681b90156e254419a4ad9dbde6aebf5c3166f
- SHA512: 57d9d80f5e0bdaf0b68e1da1d0c32f3e699f812155dc75bab97c02b112be9f7e47aedbd38eb7c2d6576fe41b360dd7a40d1720a2948202db9c0f04ded89d29eb
- SSDEEP: 3072:bwJ52Y7ZoH5XJacWGljfTGn/FiymdNOiPjkb3LTgykBjr6W9z:bwHysr+jbu/MyGdi3kYW9z
Static task: static1
Behavioral task: behavioral1
- Sample: cf16860894597ff36e93ced6cdd681b90156e254419a4ad9dbde6aebf5c3166f.exe
- Resource: win7-20221111-en
Malware Config
Extracted: pony
- http://bigbone10.info/pony/gate.php
- http://bigbone10.info:8080/pony/gate.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext