General
Target: fb63754ccae114c1f56a9fcf6190cba0b7d7eca93c7124129194252976426581
Size: 104KB
Sample: 221128-k7xf7agc3w
MD5: ff0d8ad4cd0d46e890e4a5d6486b617f
SHA1: 4dd9e804409df66e5f2e46804635387663e7b711
SHA256: fb63754ccae114c1f56a9fcf6190cba0b7d7eca93c7124129194252976426581
SHA512: 67089d7f139a37cf41702f05170517580dcf9ea1b272b7f4f4ea9c50bd1c87c83a207aca26e7d5e8d29c9e09015ee283049910510ff8f845baf97990c55d34f9
SSDEEP: 3072:HzcyPlJWHMCt+EW2WMFVjSuqRhupfh4urRxeCrUH:H44Jgb4GVjSu1p7p4H
Static task: static1
Behavioral task: behavioral1
Sample: fb63754ccae114c1f56a9fcf6190cba0b7d7eca93c7124129194252976426581.jar
Resource: win7-20221111-en
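Before reusing this report's findings for a file held locally, confirm the file is the same sample by hashing it and comparing every digest listed above. Added example, not part of the report or of the sandbox's own tooling: a Python helper that reads the file once, feeds each chunk to all four hashers, and returns the digests that differ. SSDEEP is left out because it is not in the standard library; the empty-input digests in EMPTY_INPUT_HASHES are the standard known-answer values and exist only to self-check the helper.

```python
import hashlib
import io
import sys
from typing import Dict, List, Tuple

# Digests listed in the report for the 104KB sample.
REPORT_HASHES: Dict[str, str] = {
    "md5": "ff0d8ad4cd0d46e890e4a5d6486b617f",
    "sha1": "4dd9e804409df66e5f2e46804635387663e7b711",
    "sha256": "fb63754ccae114c1f56a9fcf6190cba0b7d7eca93c7124129194252976426581",
    "sha512": "67089d7f139a37cf41702f05170517580dcf9ea1b272b7f4f4ea9c50bd1c87c8"
              "3a207aca26e7d5e8d29c9e09015ee283049910510ff8f845baf97990c55d34f9",
}

# Standard known-answer digests of empty input; used only to self-check the helper.
EMPTY_INPUT_HASHES: Dict[str, str] = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}


def digest_stream(stream, algorithms=("md5", "sha1", "sha256", "sha512"),
                  chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all requested hashers."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(algorithm, expected, actual) for each listed digest that does not match.

    Comparison is case-insensitive. An empty list means every digest in
    `expected` matched; an unknown algorithm name raises from hashlib earlier
    rather than being skipped silently.
    """
    return [(name, want.lower(), actual[name])
            for name, want in expected.items() if actual[name] != want.lower()]


def verify_sample(data: bytes, expected: Dict[str, str]) -> List[Tuple[str, str, str]]:
    return mismatches(digest_stream(io.BytesIO(data), tuple(expected)), expected)


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> List[Tuple[str, str, str]]:
    with open(path, "rb") as f:
        actual = digest_stream(f, tuple(expected))
    return mismatches(actual, expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        bad = verify_file(path)
        print(f"{path}: {'MATCH' if not bad else 'MISMATCH'}")
        for name, want, got in bad:
            print(f"  {name}: report {want}")
            print(f"  {' ' * len(name)}  file   {got}")
```

A single mismatching digest is enough to reject the file: the report's behaviour cannot be attributed to any other bytes, whatever the filename says.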
Malware Config
Extracted family: pony
C2:
http://sweet0rium.com/dd/Panel/gate.php
http://www.sweet0rium.com/dd/Panel/gate.php
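The two URLs are the gate endpoints the sample's Pony configuration points at; the report gives no other detail about the check-in. Added example, not from the report: a Python detector for proxy logs that normalises each URL (host lowercased, port and a leading "www." dropped) so both configured forms collapse to one indicator, and that reports exact gate hits separately from other traffic to the same domain. The log format and the lines in SAMPLE_LOG are constructed for this example; deliberately, a request to the same /dd/Panel/gate.php path on an unrelated host is not flagged, since the path alone is a weak signal.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# C2 gate URLs extracted from the sample's Pony configuration (from the report).
PONY_C2_URLS = [
    "http://sweet0rium.com/dd/Panel/gate.php",
    "http://www.sweet0rium.com/dd/Panel/gate.php",
]


def normalize(url: str) -> Tuple[str, str]:
    """Reduce a URL to (host, path): host lowercased, port and leading 'www.' removed."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""          # .hostname is already lowercased and port-free
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path or "/"


IOC_GATES = {normalize(u) for u in PONY_C2_URLS}     # exact (host, path) pairs
IOC_HOSTS = {host for host, _ in IOC_GATES}          # the C2 domain on its own


def classify_url(url: str) -> Optional[str]:
    """'c2_gate' for the configured gate, 'c2_domain' for other traffic to that host."""
    host, path = normalize(url)
    if (host, path) in IOC_GATES:
        return "c2_gate"
    if host in IOC_HOSTS:
        return "c2_domain"
    return None


# Constructed proxy log, one request per line:
# "<timestamp> <client> <method> <url> <status> <bytes>"
SAMPLE_LOG = """\
2022-11-28T10:41:07Z 10.0.0.17 POST http://sweet0rium.com/dd/Panel/gate.php 200 1460
2022-11-28T10:41:09Z 10.0.0.17 POST http://WWW.sweet0rium.com:80/dd/Panel/gate.php 200 84
2022-11-28T10:42:30Z 10.0.0.23 GET http://sweet0rium.com/favicon.ico 404 0
2022-11-28T10:43:00Z 10.0.0.31 GET http://example.com/dd/Panel/gate.php 200 12
2022-11-28T10:43:05Z 10.0.0.31 GET https://update.example.com/ 200 2048
"""


def find_pony_beacons(lines) -> List[Dict[str, str]]:
    """Return one record per log line whose URL matches the configured C2 indicators."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue                      # blank or truncated line
        ts, client, method, url = fields[:4]
        verdict = classify_url(url)
        if verdict:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "match": verdict})
    return hits


if __name__ == "__main__":
    for hit in find_pony_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['client']} {hit['match']:9s} {hit['method']} {hit['url']}")
```

Treat a c2_gate hit as a confirmed check-in from that client and a c2_domain hit as a lead to pivot on; both clients above should be pulled for the credential-theft artifacts the signatures below describe.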
Targets
Target: fb63754ccae114c1f56a9fcf6190cba0b7d7eca93c7124129194252976426581
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
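The signature names above are the sandbox's; the report does not say which registry keys or API calls triggered them. Added example, not the sandbox's detection logic: a Python matcher over a constructed per-call API trace that maps calls back to those signature names using artifacts this example assumes, namely the Nation value under HKCU\Control Panel\International\Geo for the location check, the Outlook Profiles keys (Office-versioned or the older Windows Messaging Subsystem key) with their 9375CFF0413111d3B88A00104B2A6676 account subkey for the two Outlook signatures, vbc.exe as the process the compiler signature refers to, and the SetThreadContext call itself. The trace format, paths and pids in SAMPLE_TRACE are constructed. One caveat for responders: these are registry reads, which Sysmon's registry events (create, delete, set, rename) do not record, so expect to find them in an API trace or via object-access auditing on the keys, not in Sysmon.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Signature names exactly as the report lists them.
SIG_GEO = "Checks computer location settings"
SIG_OUTLOOK_PROFILES = "Accesses Microsoft Outlook profiles"
SIG_OUTLOOK_ACCOUNTS = "Accesses Microsoft Outlook accounts"
SIG_VBC = "Uses the VBS compiler for execution"
SIG_SETTHREADCONTEXT = "Suspicious use of SetThreadContext"

# Assumed artifacts (not stated in the report):
# the configured location's GeoID is the "Nation" value of this key.
GEO_KEY = re.compile(r"\\control panel\\international\\geo$", re.I)
# Outlook profiles live under the Office-versioned key or the older Messaging Subsystem key.
OUTLOOK_PROFILES = re.compile(
    r"\\(software\\microsoft\\office\\[\d.]+\\outlook\\profiles"
    r"|software\\microsoft\\windows nt\\currentversion\\windows messaging subsystem\\profiles)(\\|$)",
    re.I)
# Per-account settings of a profile sit under this fixed GUID subkey.
OUTLOOK_ACCOUNTS = re.compile(r"\\9375cff0413111d3b88a00104b2a6676\\", re.I)
REGISTRY_READ_APIS = {"RegOpenKeyExA", "RegOpenKeyExW",
                      "RegQueryValueExA", "RegQueryValueExW", "RegEnumKeyExW"}


def classify_event(ev: Dict[str, object]) -> List[str]:
    """Signature names fired by one trace event (may be several, may be none)."""
    api = str(ev.get("api", ""))
    key = str(ev.get("key", ""))
    value = str(ev.get("value", ""))
    sigs: List[str] = []
    if api in REGISTRY_READ_APIS:
        if GEO_KEY.search(key) and value.lower() == "nation":
            sigs.append(SIG_GEO)
        if OUTLOOK_PROFILES.search(key):
            sigs.append(SIG_OUTLOOK_PROFILES)
            if OUTLOOK_ACCOUNTS.search(key):
                sigs.append(SIG_OUTLOOK_ACCOUNTS)
    if api == "SetThreadContext":
        sigs.append(SIG_SETTHREADCONTEXT)
    if api == "CreateProcessW" and str(ev.get("target", "")).lower().endswith("\\vbc.exe"):
        sigs.append(SIG_VBC)
    return sigs


def match_signatures(trace) -> Dict[str, List[int]]:
    """Map each signature name to the indices of the trace events that fired it."""
    hits: Dict[str, List[int]] = defaultdict(list)
    for idx, ev in enumerate(trace):
        for sig in classify_event(ev):
            hits[sig].append(idx)
    return dict(hits)


# Constructed API trace in the shape of a per-call sandbox log (pid, image, api, arguments).
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_TRACE = [
    {"pid": 2200, "image": DROPPED, "api": "RegQueryValueExW",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 2200, "image": DROPPED, "api": "CreateProcessW", "target": VBC,
     "flags": "CREATE_SUSPENDED"},
    {"pid": 2200, "image": DROPPED, "api": "SetThreadContext", "target_pid": 2316},
    {"pid": 2316, "image": VBC, "api": "RegOpenKeyExW",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 2316, "image": VBC, "api": "RegQueryValueExW",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
            r"\9375CFF0413111d3B88A00104B2A6676\00000002", "value": "IMAP Password"},
    # Benign read of the OS version string: must not fire anything.
    {"pid": 2316, "image": VBC, "api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName"},
]


if __name__ == "__main__":
    for sig, idxs in match_signatures(SAMPLE_TRACE).items():
        print(f"{sig}: events {idxs}")
```

The trace also shows why the Outlook reads come from vbc.exe rather than the dropped file: the dropper starts the compiler suspended and swaps in its own thread context, so the credential theft is attributed to a signed Microsoft binary unless the hollowing is tracked back to pid 2200.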