General
Target: 1a132db7832651f4d575aad9ab077fa40b79d3a91ee7f852094b8c2b22da5813
Size: 34KB
Sample: 221128-txhpqagg83
MD5: b92d8c7138256257d6006fe607ddc238
SHA1: 0d415b22daf528bc79b93be02c04c222d9a7825a
SHA256: 1a132db7832651f4d575aad9ab077fa40b79d3a91ee7f852094b8c2b22da5813
SHA512: ecb4f4ebf542554b6980fea3a15fa814bc21daa1007a30569bdab1e6015d71337ad27028e0b8eccb2004198e54f86c1e382adf80785ca3fca87a894ebaee97d1
SSDEEP: 768:gAXKrfMYOR6I5THTdtwz8I2acBzrirroDBfAT7:gA2MhR64THxtwzFMBzSoDBG
Behavioral task
behavioral1
Sample: 1a132db7832651f4d575aad9ab077fa40b79d3a91ee7f852094b8c2b22da5813.exe
Resource: win7-20221111-en
Malware Config
Extracted
pony
http://www.solgetyhenz.biz/shakka/Panel/gate.php
payload_url: http://www.solgetyhenz.biz/shakka/Panel/mark.exe
Targets
Target: 1a132db7832651f4d575aad9ab077fa40b79d3a91ee7f852094b8c2b22da5813
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.