General
- Target: 4b626a59d14dbe95119026551baefbae10d497447a56e636f08077716ea1ef81
- Size: 148KB
- Sample: 221128-k7zljsgc3z
- MD5: 167e0ab6edf231b2fa3687948a3b606d
- SHA1: 11921e91a6a387c250576eaaa62713211b88f5f5
- SHA256: 4b626a59d14dbe95119026551baefbae10d497447a56e636f08077716ea1ef81
- SHA512: 02d9e3fcdbe0dd548ceed80aec1146e7d9cfba06663623ae1c7f04f566cd372d7513ef0c45e23bd45b56b7e5e5e23614bc20b7faea7a14838f75e9ecbdb7e2fd
- SSDEEP: 3072:gEA/WHMUt+EW2Jxoa+5WqS6ZpUsFTtxrcmwpiveH/7MckAs:gLg7jA3U0IfpjTkA
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 4b626a59d14dbe95119026551baefbae10d497447a56e636f08077716ea1ef81.exe
- Resource: win7-20221111-en
Malware Config
- Extracted family: pony
- C2 URLs:
  - http://sweet0rium.com/dd/Panel/gate.php
  - http://www.sweet0rium.com/dd/Panel/gate.php
Targets
- Target: 4b626a59d14dbe95119026551baefbae10d497447a56e636f08077716ea1ef81
- Size: 148KB
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext