General
-
Target
21a14593fe4f3466ec9840d0b0186906591bf87a9bc9fef263e71309fed0a750
-
Size
34KB
-
Sample
221128-e4j4ssag5v
-
MD5
b8f01589487b8baf361b7f5e66d769a9
-
SHA1
eb1b0dc51b09b0943bf5bfb9dd7ed2ae8dfafd4b
-
SHA256
21a14593fe4f3466ec9840d0b0186906591bf87a9bc9fef263e71309fed0a750
-
SHA512
9e7b52f57a82e7accb5ccbddc44264f422d9ba6acf36f67eb404632a7cda1e6f55f32c0ce2eafd18f01e21c650286064b4dd24b37aa83ac6d3c16876928d35ca
-
SSDEEP
768:/1NAU2HFJK/ItMZalLoM2cH2LGHhQsSkfbBI:/s3fKwzLPNEGO/UbBI
Behavioral task
behavioral1
Sample
21a14593fe4f3466ec9840d0b0186906591bf87a9bc9fef263e71309fed0a750.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://184.105.163.235/new_advert/urwqehusd.php
-
payload_url
http://162.247.14.141/ff/pc.exe
http://162.247.14.141/ff/pc2.exe
http://162.247.14.141/ff/pc3.exe
Targets
-
-
Target
21a14593fe4f3466ec9840d0b0186906591bf87a9bc9fef263e71309fed0a750
-
Size
34KB
-
MD5
b8f01589487b8baf361b7f5e66d769a9
-
SHA1
eb1b0dc51b09b0943bf5bfb9dd7ed2ae8dfafd4b
-
SHA256
21a14593fe4f3466ec9840d0b0186906591bf87a9bc9fef263e71309fed0a750
-
SHA512
9e7b52f57a82e7accb5ccbddc44264f422d9ba6acf36f67eb404632a7cda1e6f55f32c0ce2eafd18f01e21c650286064b4dd24b37aa83ac6d3c16876928d35ca
-
SSDEEP
768:/1NAU2HFJK/ItMZalLoM2cH2LGHhQsSkfbBI:/s3fKwzLPNEGO/UbBI
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-