General
- Target: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba
- Size: 268KB
- Sample: 221127-m3gw2sfe21
- MD5: 1dc303effc1dfc6c8192c59ea668355b
- SHA1: 63370986064b53880bb6417680fa5ec3c5262268
- SHA256: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba
- SHA512: c14ebe450f9f02299473e4bd2bfb7c32389f791f8bb19460e152afd1407116b3354b03c70f1ed9b05703478398b6e9cb4a28c8e1b4c8f26962f83652f383b9c5
- SSDEEP: 6144:K/0uoIu/NGVpv/XZCM7WwPDhFcFw4mYys9Kbls4y:KJmGV9W2i9FKm4y

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba.exe
  - Resource: win10v2004-20220812-en

Malware Config
- Extracted: pony
- C2: http://capric0rp.biz/admin/pony/gate.php

Targets
- Target: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba
- Size: 268KB
- MD5: 1dc303effc1dfc6c8192c59ea668355b
- SHA1: 63370986064b53880bb6417680fa5ec3c5262268
- SHA256: 6ef91537b44e4012e145f7a44a80fda63e2387b51b75ab5d1ba7fe3cd87b17ba
- SHA512: c14ebe450f9f02299473e4bd2bfb7c32389f791f8bb19460e152afd1407116b3354b03c70f1ed9b05703478398b6e9cb4a28c8e1b4c8f26962f83652f383b9c5
- SSDEEP: 6144:K/0uoIu/NGVpv/XZCM7WwPDhFcFw4mYys9Kbls4y:KJmGV9W2i9FKm4y

- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext