General
Target: AFDF78E26E10793941CEEEC156433348F6B050D79F86E.exe.bin
Size: 232KB
Sample: 230505-xn996ahg8x
MD5: aafff539597334410c592b28f4a521c7
SHA1: a887c69811cf126e17a3f4cf0c241daa65365be6
SHA256: afdf78e26e10793941ceeec156433348f6b050d79f86e46b88f5755bc9c3d148
SHA512: 57246708adf6143b7be50a770eb8ed2b4b799591982be32c14d9f75ea7edd2eac4efd257ab169717e825313bf4bb925806b78df971ce6d2ca3461aea75f3e904
SSDEEP: 6144:WSZrtUbaNpKEHcqoh5Iwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww2VD3L:8eKE2h5RhTp

Static task: static1
Behavioral task: behavioral1
Sample: AFDF78E26E10793941CEEEC156433348F6B050D79F86E.exe
Resource: win7-20230220-en

Malware Config
Extracted: pony
http://185.145.129.36/v6/gate.php
payload_url: http://myp0nysite.ru/shit.exe
Targets
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext