General

Target: c589afb6031514397b04bd1034ae0c16.exe
Size: 1.1MB
Sample: 230601-c6e7hscb65
MD5: c589afb6031514397b04bd1034ae0c16
SHA1: 7dc134956a2a69e81503eaed94d151bdd527afbc
SHA256: 359085ce4ec341aac7c0d129418e257a0e570f058855a0ddf81a3bbc70bdbe0d
SHA512: bb23be53bb1740ac94058fce0f0fb17fc8571c8e7bb581e00234d37e20a74ef6df57313a10008996994ae61c4df17877debb18e6f1863a6a210dcdf853753247
SSDEEP: 24576:iu6J33O0c+JY5UZ+XC0kGsoTGcjr1I1lOq6sb8hTH7NWYE:Eu0c++OCvkGsEGcjr1i6skHUYE
Static task: static1

Behavioral task: behavioral1
Sample: c589afb6031514397b04bd1034ae0c16.exe
Resource: win7-20230220-en

Malware Config

Extracted family: pony
C2: http://185.79.156.18/bit/03/gate.php
Targets

Target: c589afb6031514397b04bd1034ae0c16.exe
Size: 1.1MB
MD5: c589afb6031514397b04bd1034ae0c16
SHA1: 7dc134956a2a69e81503eaed94d151bdd527afbc
SHA256: 359085ce4ec341aac7c0d129418e257a0e570f058855a0ddf81a3bbc70bdbe0d
SHA512: bb23be53bb1740ac94058fce0f0fb17fc8571c8e7bb581e00234d37e20a74ef6df57313a10008996994ae61c4df17877debb18e6f1863a6a210dcdf853753247
SSDEEP: 24576:iu6J33O0c+JY5UZ+XC0kGsoTGcjr1I1lOq6sb8hTH7NWYE:Eu0c++OCvkGsEGcjr1i6skHUYE

Signatures

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.

Deletes itself

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

AutoIT Executable
  AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext