General

Target: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2
Size: 864KB
Sample: 221126-tz34fagf36
MD5: 03dfaa7b38468e7f418e1edac766946f
SHA1: dceb6bc8494dd6f00295ed13c225b3e3fb6c7825
SHA256: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2
SHA512: 2cd067ec38591c97b0c09c4a1f31450cc0f9c2ad3b68c351cd65e7feefbe0bf19e00703c8e47d50b2fd77a421938ba47dc75abf82531145779c95dd652f81139
SSDEEP: 24576:8Bg3gm8984uZ+KUHRP8NXWFa5s9e0SOrJsxc:skk89uRPJFa50SO+c
Static task: static1

Behavioral task: behavioral1
  Sample: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: pony
  http://www.bringbackudo.in/wordpress/AA/PP/gate.php
Targets

Target: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2
Size: 864KB
MD5: 03dfaa7b38468e7f418e1edac766946f
SHA1: dceb6bc8494dd6f00295ed13c225b3e3fb6c7825
SHA256: 6e0f0c12da147dcca074e427dc4fcb2a29ee032d40a0e1d29128752c27baa4d2
SHA512: 2cd067ec38591c97b0c09c4a1f31450cc0f9c2ad3b68c351cd65e7feefbe0bf19e00703c8e47d50b2fd77a421938ba47dc75abf82531145779c95dd652f81139
SSDEEP: 24576:8Bg3gm8984uZ+KUHRP8NXWFa5s9e0SOrJsxc:skk89uRPJFa50SO+c
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext