General
Target: e46d75cb4f41effcbde35f9f0f03d2ce1ef87c6921f7e72b1aabee1f785494d6
Size: 63KB
Sample: 221128-e52p8sah51
MD5: c8fc2931b9b2a86ff86fe63ab76b5015
SHA1: cc16e4594641161fecb05dca4650a27a012f38b2
SHA256: e46d75cb4f41effcbde35f9f0f03d2ce1ef87c6921f7e72b1aabee1f785494d6
SHA512: b90329a01cb410b981befebe2f38d02dc681e433438ae9ea7955217f52f7614be400511706a4ae5ac05bc7d5f1476dfdb625ac1556043e1b8679c36cf65f8fa5
SSDEEP: 1536:MHbYAlcUk9bj73Yh/Nezn4fXPC8u33PTNFSAr9QYgDzk:MEDVjrYhsz4f/Y3Pbj6Y1
Static task: static1
Behavioral task: behavioral1
Sample: e46d75cb4f41effcbde35f9f0f03d2ce1ef87c6921f7e72b1aabee1f785494d6.exe
Resource: win7-20220812-en

Malware Config
Extracted: pony
http://app.regdnsreg.com/04d2c34d0dc923d20822f360729929e9/gate.php

Targets
Target: e46d75cb4f41effcbde35f9f0f03d2ce1ef87c6921f7e72b1aabee1f785494d6
Checks computer location settings
  Looks up the country code configured in the registry; likely a geofence.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext