General

Target: 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
Size: 1.3MB
Sample: 221127-r4vlraee66
MD5: c75f98e9bde735b1785b9f3e3d7b6ad6
SHA1: 8028222efcf71c343aa3ce45b2dde05403696a3d
SHA256: 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
SHA512: 59b8b5fefe4b72becf3eefbbb70480174f9b2ae588e99cb5cc3b623847f0018ce603f3c4a6dcf9dc328618e71a68442ff5f7a214d2cec000ded1bc53aad81499
SSDEEP: 24576:i2O/GlAIaOXAN/+rtH/GsMb7g6zwzRQegxP265:vPXAZetHo5k1tS
Static task: static1
Behavioral task: behavioral1
Sample: 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d.exe
Resource: win7-20220812-en
Malware Config

Extracted
Family: pony (credential stealer)
C2 gate URL: http://finalego.000a.de/1/gate.php
Targets

Target: 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
Size: 1.3MB
MD5: c75f98e9bde735b1785b9f3e3d7b6ad6
SHA1: 8028222efcf71c343aa3ce45b2dde05403696a3d
SHA256: 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
SHA512: 59b8b5fefe4b72becf3eefbbb70480174f9b2ae588e99cb5cc3b623847f0018ce603f3c4a6dcf9dc328618e71a68442ff5f7a214d2cec000ded1bc53aad81499
SSDEEP: 24576:i2O/GlAIaOXAN/+rtH/GsMb7g6zwzRQegxP265:vPXAZetHo5k1tS
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. The behavioral task ran on an English-locale image (win7-20220812-en), so a locale-keyed geofence may behave differently on other images.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext (an API commonly used for code injection such as process hollowing; the report records the call, not the injected target)
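The actionable indicators in this report are the sample's hashes and the extracted Pony gate URL. The following is an added example, not code from the sandbox report, showing how to turn those indicators into a hunt: it hashes files and compares them against the listed digests, and it scans proxy log lines for the gate URL, the C2 host, and (as a weaker, assumed heuristic) any POST to a path ending in /gate.php. The proxy log format and the sample log lines are constructed for the example; the hashes and URL are the ones listed above.

```python
"""Hunt for the indicators in this report: the sample's hashes and the Pony gate URL.

Added example, not code from the sandbox report. The log line format and the
/gate.php heuristic are assumptions; the hashes and URL are taken from the report.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above (sample 221127-r4vlraee66).
IOC_HASHES = {
    "md5": "c75f98e9bde735b1785b9f3e3d7b6ad6",
    "sha1": "8028222efcf71c343aa3ce45b2dde05403696a3d",
    "sha256": "2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d",
}
PONY_GATE_URL = "http://finalego.000a.de/1/gate.php"
PONY_C2_HOST = urlparse(PONY_GATE_URL).hostname  # "finalego.000a.de"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hash_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks so large binaries need not fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the sample's (empty list = no match)."""
    return [alg for alg, value in IOC_HASHES.items()
            if digests.get(alg, "").lower() == value]


def classify_request(method: str, url: str) -> str:
    """Label one proxied request against the Pony C2 indicators, or "" if clean.

    Ordered from strongest to weakest evidence. The /gate.php rule is an assumed
    heuristic (Pony panels conventionally expose gate.php) and needs analyst triage.
    """
    parsed = urlparse(url)
    if url == PONY_GATE_URL:
        return "pony_gate_url"
    if parsed.hostname == PONY_C2_HOST:
        return "pony_c2_host"
    if method.upper() == "POST" and parsed.path.lower().endswith("/gate.php"):
        return "gate_php_post_heuristic"
    return ""


def scan_proxy_log(lines) -> list:
    """Scan lines of the assumed form '<ts> <client> <method> <url> <status>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip it rather than abort the hunt
        ts, client, method, url, _status = parts[:5]
        reason = classify_request(method, url)
        if reason:
            hits.append({"ts": ts, "client": client, "url": url, "reason": reason})
    return hits


# Constructed sample log (not from the report): one exact gate hit, one clean
# request, one other request to the C2 host, and one POST to a gate.php elsewhere.
SAMPLE_PROXY_LOG = [
    "2022-11-27T10:14:03Z 10.0.0.15 POST http://finalego.000a.de/1/gate.php 200",
    "2022-11-27T10:14:05Z 10.0.0.22 GET http://example.com/ 200",
    "2022-11-27T10:15:11Z 10.0.0.15 GET http://finalego.000a.de/1/ 404",
    "2022-11-27T10:16:00Z 10.0.0.31 POST http://203.0.113.9/panel/gate.php 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print("self-check:", match_hashes(IOC_HASHES))
```

To check a file on disk, call `match_hashes(hash_file(path))`; a non-empty list means the file is byte-identical to the reported sample on that algorithm (SHA256 is the one to trust, MD5 and SHA1 are listed for correlation with older feeds). The host and heuristic matches deliberately rank below the exact gate URL so the hunt surfaces related traffic without burying the strongest hit.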