General
Target: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde
Size: 147KB
Sample: 221128-pcgjpscb79
MD5: 84fb7ae55623298b8e648ff5c7dc2115
SHA1: 1af05edd024bf064f1d03c640ab6a09b3a3f0d7c
SHA256: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde
SHA512: 401f0e31489404d494a1a7068866a43fd981a5bbc5698c816d970596d05a8c032c773db8103b63178797dab121b166797e8ca2502bdc72c3e7afcc5a74e9d00e
SSDEEP: 3072:ASXpIshi44JexXmSKpPULrtYnqAOUkiQKjh4YmTmLbb58Kdz+CmmCrUk:PIEiPhSUPUqqA9jtSCLbqKRrm94k
Static task: static1

Behavioral task: behavioral1
  Sample: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde.jar
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde.jar
  Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
C2 URLs:
- http://sweet0rium.com/dd/Panel/gate.php
- http://www.sweet0rium.com/dd/Panel/gate.php
Targets
Target: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde
Size: 147KB
MD5: 84fb7ae55623298b8e648ff5c7dc2115
SHA1: 1af05edd024bf064f1d03c640ab6a09b3a3f0d7c
SHA256: a1f12c346b487f5054ca918323fbada1aad97bd46dedb5ff5ff75d7bb34b0fde
SHA512: 401f0e31489404d494a1a7068866a43fd981a5bbc5698c816d970596d05a8c032c773db8103b63178797dab121b166797e8ca2502bdc72c3e7afcc5a74e9d00e
SSDEEP: 3072:ASXpIshi44JexXmSKpPULrtYnqAOUkiQKjh4YmTmLbb58Kdz+CmmCrUk:PIEiPhSUPUqqA9jtSCLbqKRrm94k
Score: 10/10

Signatures:
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
- Suspicious use of SetThreadContext