General
  Target: f6536f7fe9feef17adc493638395555b.bin
  Size: 46KB
  Sample: 230509-cfs1padh33
  MD5: ce8f0c41a6e4685d12d547ea55359ec0
  SHA1: 6e7e3beeba57701d69f805fb5843cb5ecb91beef
  SHA256: 9a77a4a3ce18eb96cc266f0a7a41528c71a8b6aaf8bd11217b1df2baad16a2ff
  SHA512: 48bdbfb0c6e107933ec3167e934ddf76985ed426212d1c025602e06f7a43f7bfb0510d2d2dcefe643657af78e190f8968e0e4f5e2be368768eda4f2de514674f
  SSDEEP: 768:tPWawj6Z6AQx4PBbH2+uxVxqK3qaPpXHwqBq3DhDP/KJB7MI+Zh4s5yrlWREH5vK:RWBj6EYBbbKqK6qXHdw3DVSNMI+Zhh5X
Static task: static1

Behavioral task: behavioral1
  Sample: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe
  Resource: win7-20230220-en
Malware Config
  Extracted: pony
    http://sunelec-kk.com/tmp/r1.php
    http://japmotors.net/tmp/r1.php
  payload_url:
    http://globalofficesolution.net/tmp/file1.exe
    http://globalofficesolution.net/tmp/file2.exe
    http://davesclassics.com.au/tmp/file1.exe
    http://davesclassics.com.au/tmp/file2.exe
Targets
  Target: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599.exe
  Size: 56KB
  MD5: f6536f7fe9feef17adc493638395555b
  SHA1: 157307ead7905b1844dcc69458f0531e66b31fb6
  SHA256: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599
  SHA512: 5313d816e2aba0c2f9a2627ed8f1a7507aec05d7f7089a51307743bb215b1fe15e1596699f3b092dc117a5fcf21772a38ce326be8c917ba9aa1fe2492df96da3
  SSDEEP: 1536:+tzqxvhrplLk9h8egJPfWunoGh4R17mZDLn845OUKMkQKFoNek+5UD:+T8N3WuoGh4KZDL1gmKF0ek+M
  - Downloads MZ/PE file
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  - Accesses Microsoft Outlook accounts
  - Accesses Microsoft Outlook profiles
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
  - Suspicious use of SetThreadContext