General
-
Target
f9a5a30e98eee58acdd0ac6b96a3472400992739ef95cf525d4aa4c751c6b617
-
Size
34KB
-
Sample
221126-vjqc3sab43
-
MD5
c311145216993f54663062446d97a8b3
-
SHA1
4e6a440bedd5d1559c219e076ab035d10147f1bc
-
SHA256
f9a5a30e98eee58acdd0ac6b96a3472400992739ef95cf525d4aa4c751c6b617
-
SHA512
ba4db4af042d783b545f2b5d49323a97465308f543806d08dc0eb971e31a910874db686bea6a82de3a5fbaac7dcbd5a91478025c6b612f22e76d49803bbd8909
-
SSDEEP
768:zCcZgygNzCAeP0NyOX6a2azYlokoLejYpP4ZDgC7c2:zTgRp5424cu99jgP4VgCY2
Behavioral task
behavioral1
Sample
f9a5a30e98eee58acdd0ac6b96a3472400992739ef95cf525d4aa4c751c6b617.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://biores.co.il/sob/logo/gate.php
-
payload_url
http://biores.co.il/sob/logo/Pony.exe
Targets
-
-
Target
f9a5a30e98eee58acdd0ac6b96a3472400992739ef95cf525d4aa4c751c6b617
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-