General
Target: C01DABDB1E0572151396954FD7BCD7334CEE5B1D64DE2.exe
Size: 1MB
Sample: 230505-x34qxsbb4y
MD5: a547e64045d30568aa7e3afd81b81594
SHA1: 9806c99c6f77be88be0629a3c851e6002a5a0d05
SHA256: c01dabdb1e0572151396954fd7bcd7334cee5b1d64de29b7de21c14eafbd6416
SHA512: 6d7bf8a3d7126312bd886319530f1576dfa1a98cdc3f71282b313b8854f5ea27a677d3b6c8cfdd4a7ee5260c21783c9f48cf2522002ad06b2de714e7eee89a02
SSDEEP: 24576:rKPJPQ9i31L+VU7mqcZDvO78A649Po0Gb2rIbJpmZ/+fudAZRVG51iKZEUbr//eJ:rKxn3F7s9v46MhLIbJUZ/+fuyZR4/JPc
Static task: static1
Behavioral task: behavioral1
  Sample: C01DABDB1E0572151396954FD7BCD7334CEE5B1D64DE2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: C01DABDB1E0572151396954FD7BCD7334CEE5B1D64DE2.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: pony
URL: http://maxesupport.com/bless/gate.php
Targets
Target: C01DABDB1E0572151396954FD7BCD7334CEE5B1D64DE2.exe
Size: 1MB
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext