General
- Target: 5fe72b7c3cd2b332956be129883c3c298e9a429ccc53aef903a0b8312688e85a
- Size: 62KB
- Sample: 221128-e53brseg92
- MD5: 2395f22a1d99d874e1f35c64d7f53891
- SHA1: 3b0cc05a32e1d553820cdd82d8463ae6b31a5f87
- SHA256: 5fe72b7c3cd2b332956be129883c3c298e9a429ccc53aef903a0b8312688e85a
- SHA512: 5f4309df480c8d3e880adb65d32bc2c2d67e7b47247822813d7b9e6cd6769c2feb80df4f293b32e1dfff95512ed96c46c556d555cd0ac390d5cbfcfd9c729987
- SSDEEP: 1536:aetDIv0Ppl/CMTIzXFrK4C3e66vrfGfwI/C:xIv0Ppl0NIuLrT
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5fe72b7c3cd2b332956be129883c3c298e9a429ccc53aef903a0b8312688e85a.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: pony
- URL: http://app.regdnsreg.com/04d2c34d0dc923d20822f360729929e9/gate.php
Targets
- Target: 5fe72b7c3cd2b332956be129883c3c298e9a429ccc53aef903a0b8312688e85a
- Size: 62KB
- MD5: 2395f22a1d99d874e1f35c64d7f53891
- SHA1: 3b0cc05a32e1d553820cdd82d8463ae6b31a5f87
- SHA256: 5fe72b7c3cd2b332956be129883c3c298e9a429ccc53aef903a0b8312688e85a
- SHA512: 5f4309df480c8d3e880adb65d32bc2c2d67e7b47247822813d7b9e6cd6769c2feb80df4f293b32e1dfff95512ed96c46c556d555cd0ac390d5cbfcfd9c729987
- SSDEEP: 1536:aetDIv0Ppl/CMTIzXFrK4C3e66vrfGfwI/C:xIv0Ppl0NIuLrT
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext