General
Target: 115f9bbe6e9a20136607c220737194e7ded5be49b56a0f279e0082c8977a9304
Size: 136KB
Sample: 221127-ry9tgshh5w
MD5: 3276ed4c930c7f3f20e6492199139ea9
SHA1: d0837fc9960823be07f44439aa439018d974454f
SHA256: 115f9bbe6e9a20136607c220737194e7ded5be49b56a0f279e0082c8977a9304
SHA512: 10018be30db6cacf6584eadcb8d0822a36b70356fc64a52c9243245ae7a15149dd9f7c65aac7c83d22a1102a62f8ae847d051966c31c85c2bf81c4af95109703
SSDEEP: 3072:zstGUIKGNj4y6tgdYCVmRL4sjDfdTs3oRlqhdd:zstGyYsyTv8+s/fdTq
Static task: static1
Behavioral task: behavioral1
Sample: 115f9bbe6e9a20136607c220737194e7ded5be49b56a0f279e0082c8977a9304.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://www.bigdaddygroup.in/wp-admin/images/panel/gate.php
Targets
Target: 115f9bbe6e9a20136607c220737194e7ded5be49b56a0f279e0082c8977a9304
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext