General
- Target: f3b4ce5b72662d4cf3b618d8108c92a5c826c479c41436170d946959d56ff4f1
- Size: 148KB
- Sample: 221127-n5gjqsad3t
- MD5: 3a828a6632cd185d02dca34e4a12c18e
- SHA1: 6463aeef57ba58380eb488b93fde3261208e4aed
- SHA256: f3b4ce5b72662d4cf3b618d8108c92a5c826c479c41436170d946959d56ff4f1
- SHA512: 6ac5450d82beea05e23f19f67f3825790144d8795327efab6d91e5980561e5f72dd06251f75c0c240656ae4a11edf041cd9449e43d3f182a1b5f513c22bbf792
- SSDEEP: 3072:vUBfAvOlwKJFDohBM6fATYUiAaIcJFZk3crl:vHKrobRfAcac/Z04l
Static task: static1
Behavioral task: behavioral1
- Sample: f3b4ce5b72662d4cf3b618d8108c92a5c826c479c41436170d946959d56ff4f1.exe
- Resource: win7-20220812-en
Malware Config
Extracted: pony
- http://o.anygutterkings.com/forum/viewtopic.php
- http://o.anygutterkings.net/forum/viewtopic.php
payload_url:
- http://akdegirmen.com/SMpT.exe
- http://12am.ro/4dB8.exe
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext