General
Target: a87cd623fa09d905e2561261becc4b752f1edddd35c5561c1a1c56c444222ab1
Size: 320KB
Sample: 221126-tm6zkaff65
MD5: a991768f4a6ee1c0aa720c8dfb7615bd
SHA1: e5460670ae39ae83156c5cbf18fff3a55fb5f353
SHA256: a87cd623fa09d905e2561261becc4b752f1edddd35c5561c1a1c56c444222ab1
SHA512: 6ec5d8bf43b8be52935145925dce7eaea8dd82c7f11a35ecfcd50d1286920b5317b60046fed61a88d602f6588645828122c23404441087d4abf4609dcc955a14
SSDEEP: 6144:s8L/MuhsZUtNqZBZSxmjHcG2Og8tvpzI:HhsqNqZlcG2O7
Static task: static1
Behavioral task: behavioral1
Sample: a87cd623fa09d905e2561261becc4b752f1edddd35c5561c1a1c56c444222ab1.exe
Resource: win7-20221111-en
Malware Config
Extracted
pony
http://athenna.gravity.ml/Panel/gate.php
Targets
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext