General
Target: b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
Size: 277KB
Sample: 221127-m4c99abh92
MD5: c6c3ba4866fb932570e4356230303b17
SHA1: 79cc4cc09cb198bcd7ad9493d12e060f1f417cfd
SHA256: b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
SHA512: 912340f206ec369cdec6f4d7ad0705ad38d0f2ce3b6c59fc78d4749c8bbdeeb6b665064d27c49a6488a155e900b24658ee8995e6742d0321612a36aecddcca50
SSDEEP: 6144:hiPQ6Db/XmqhLthQ/MUR3EjNZzycExUaGSMywRlpAvhQKV5JS18tuuuC:3Eb/mD/MUR3EZIcEySbspIhQKV5418tO
Static task: static1
Behavioral task: behavioral1
Sample: b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b.exe
Resource: win7-20220812-en
Malware Config
Extracted family: pony
C2: http://asusoftware.no-ip.org/pon/gate.php
Targets
Target: b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
Size: 277KB
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext