General
Target: dd6cd522f075f67ac72d18d33a7d5663
Size: 148KB
Sample: 240325-gyctmsaa45
MD5: dd6cd522f075f67ac72d18d33a7d5663
SHA1: d1bc200febce3017f42e073d5db5ad06bd23a465
SHA256: 40ab9e1552bb4ead90ea67c8b7df430a4799bb3b3dcba5ac57e6e4f83044e6f5
SHA512: ecd869a009f49750349ef03bee0542d156c5534537068a7010dc3a667e05ef01723e3ee6af0572e63832e568d58310dc94ba61d275422db08df24852da8ddcaf
SSDEEP: 3072:WkBfAvO+3DVA1GUc0uYD5+HE3N/Y4qN3shlihJ2hFnryY6:Wb5AIJEdwT38ihWX6
Static task: static1
Behavioral task: behavioral1
Sample: dd6cd522f075f67ac72d18d33a7d5663.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: pony
C2:
http://o.anygutterkings.com/forum/viewtopic.php
http://o.anygutterkings.net/forum/viewtopic.php
payload_url:
http://www.credidyaoriente.com.co/pbe.exe
http://3073.a.hostable.me/Z2U.exe
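As an added example (not part of the sandbox report or of the Pony analysis itself), the Python below turns the hashes and the extracted config into validated, defanged indicators and shows how a proxy-log URL would be checked against them. The report text embedded in the block is a constructed copy of the hash and config lines above; the host-versus-path match levels, and the use of the /forum/viewtopic.php path shared by both C2 URLs as a lower-confidence hunt, are the example's own framing.

```python
"""Added example (not the sandbox report's own code): turn the hashes and
extracted Pony config into validated, defanged indicators and match
proxy-log URLs against them."""
import re
from urllib.parse import urlsplit

# Constructed copy of the report's hash and config lines (key: value form).
REPORT = """\
MD5: dd6cd522f075f67ac72d18d33a7d5663
SHA1: d1bc200febce3017f42e073d5db5ad06bd23a465
SHA256: 40ab9e1552bb4ead90ea67c8b7df430a4799bb3b3dcba5ac57e6e4f83044e6f5
Malware Config
Extracted
Family: pony
C2:
http://o.anygutterkings.com/forum/viewtopic.php
http://o.anygutterkings.net/forum/viewtopic.php
payload_url:
http://www.credidyaoriente.com.co/pbe.exe
http://3073.a.hostable.me/Z2U.exe
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"[0-9a-f]+")
BUCKETS = {"C2": "c2", "payload_url": "payload_url"}


def parse_report(text):
    """Return {'hashes', 'family', 'c2', 'payload_url'}.
    Hashes are length- and charset-checked: a truncated paste must fail here,
    not become a blocklist entry that silently never matches."""
    out = {"hashes": {}, "family": None, "c2": [], "payload_url": []}
    bucket = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("http://", "https://")):
            if bucket is None:
                raise ValueError(f"URL outside a C2/payload_url block: {line}")
            out[bucket].append(line)
            continue
        label, _, value = (s.strip() for s in line.partition(":"))
        if label in HASH_LENGTHS:
            value = value.lower()
            if len(value) != HASH_LENGTHS[label] or not HEX.fullmatch(value):
                raise ValueError(f"malformed {label}: {value!r}")
            out["hashes"][label] = value
        elif label == "Family":
            out["family"] = value
        elif label in BUCKETS:
            bucket = BUCKETS[label]
    return out


def defang(url):
    """hxxp://host[.]tld/path: unclickable form for tickets and chat."""
    p = urlsplit(url)
    host = (p.hostname or "").replace(".", "[.]")
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}"


def hosts(iocs):
    """Hostnames to hunt in DNS/proxy logs: C2 gates and payload stagers alike."""
    return sorted({urlsplit(u).hostname for u in iocs["c2"] + iocs["payload_url"]})


def match(url, iocs):
    """'host' for a known indicator host, 'path' when only the Pony gate path
    (/forum/viewtopic.php, shared by both C2 URLs in this config) matches on an
    unknown host, else None. A path-only hit is a lead, not a verdict."""
    p = urlsplit(url)
    if p.hostname in hosts(iocs):
        return "host"
    if p.path in {urlsplit(u).path for u in iocs["c2"]}:
        return "path"
    return None


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs["family"], iocs["hashes"]["SHA256"])
    for u in iocs["c2"] + iocs["payload_url"]:
        print(defang(u))
```

The payload URLs are worth blocking alongside the C2 gates: Pony is routinely used as a first stage, and the two .exe stagers here are the hosts a follow-on infection would contact.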
Targets
Target: dd6cd522f075f67ac72d18d33a7d5663
Size: 148KB
MD5: dd6cd522f075f67ac72d18d33a7d5663
SHA1: d1bc200febce3017f42e073d5db5ad06bd23a465
SHA256: 40ab9e1552bb4ead90ea67c8b7df430a4799bb3b3dcba5ac57e6e4f83044e6f5
SHA512: ecd869a009f49750349ef03bee0542d156c5534537068a7010dc3a667e05ef01723e3ee6af0572e63832e568d58310dc94ba61d275422db08df24852da8ddcaf
SSDEEP: 3072:WkBfAvO+3DVA1GUc0uYD5+HE3N/Y4qN3shlihJ2hFnryY6:Wb5AIJEdwT38ihWX6
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: enumerates the Uninstall key entries in the registry to list the software installed on the system.
- Suspicious use of SetThreadContext
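The six signatures above are statements about API-level behaviour that a sandbox derives from hooked calls; Sysmon does not record registry reads, so they cannot be reproduced from that telemetry alone. As an added example (not the sandbox's own signature logic), the Python below re-derives each signature from a constructed API-call trace of the kind a hooking sandbox or EDR produces. The registry paths (the GeoID under Control Panel\International\Geo, the Office Outlook profile key and its 9375CFF0413111d3B88A00104B2A6676 account subkey), the process IDs, the self-delete via cmd.exe /c del, and the full suspended-child/WriteProcessMemory/SetThreadContext/ResumeThread sequence are assumptions: the report names the signatures, not the exact keys or calls this sample used.

```python
"""Added example, not the sandbox's own signature code: re-derive the six
behavioural signatures from an API-call trace. Registry reads never appear
in Sysmon, so checks like these need hook- or EDR-level telemetry."""
import re

# Assumed drop path of the sample inside the VM (constructed).
SELF = r"C:\Users\Admin\AppData\Local\Temp\dd6cd522f075f67ac72d18d33a7d5663.exe"

UNINSTALL = r"\Microsoft\Windows\CurrentVersion\Uninstall"
OUTLOOK_ACCOUNTS = "9375CFF0413111d3B88A00104B2A6676"   # Outlook account-store subkey (assumed)
CREATE_SUSPENDED = 0x4

# Constructed trace of (pid, api, args) in call order; registry paths are assumptions.
TRACE = [
    (1234, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    (1234, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    (1234, "RegEnumKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0}),
    (1234, "RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}),
    (1234, "RegQueryValueExW", {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
                                       r"\9375CFF0413111d3B88A00104B2A6676\00000002", "value": "IMAP Password"}),
    (1234, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "new_pid": 1300}),
    (1234, "WriteProcessMemory", {"target_pid": 1300}),
    (1234, "SetThreadContext", {"target_pid": 1300}),
    (1234, "ResumeThread", {"target_pid": 1300}),
    (1234, "CreateProcessW", {"image": r"C:\Windows\System32\cmd.exe", "flags": 0, "new_pid": 1400,
                              "cmdline": 'cmd.exe /c del "' + SELF + '"'}),
]


def _calls(trace, pid, api):
    """Args of every call to `api` made by `pid`, in trace order."""
    return [args for p, name, args in trace if p == pid and name == api]


def check_geofence(trace, pid):
    # Country code lives under HKCU\Control Panel\International (GeoID in Geo\Nation).
    return any(r"\Control Panel\International" in a.get("key", "")
               and a.get("value") in ("Nation", "sCountry", "Locale")
               for a in _calls(trace, pid, "RegQueryValueExW"))


def check_installed_software(trace, pid):
    # Walking the Uninstall key lists installed software without touching WMI.
    calls = _calls(trace, pid, "RegOpenKeyExW") + _calls(trace, pid, "RegEnumKeyExW")
    return any(UNINSTALL.lower() in a.get("key", "").lower() for a in calls)


def check_outlook(trace, pid):
    """(profiles_touched, accounts_touched) from any registry call by pid."""
    keys = [a.get("key", "") for p, n, a in trace if p == pid and n.startswith("Reg")]
    profiles = any(r"\Outlook\Profiles" in k or r"Windows Messaging Subsystem\Profiles" in k
                   for k in keys)
    accounts = any(OUTLOOK_ACCOUNTS.lower() in k.lower() for k in keys)
    return profiles, accounts


def check_self_delete(trace, pid, self_path):
    # Either a spawned `del` naming our own image, or a direct DeleteFile on it.
    for a in _calls(trace, pid, "CreateProcessW"):
        cmd = a.get("cmdline", "")
        if re.search(r"\bdel\b", cmd, re.I) and self_path.lower() in cmd.lower():
            return True
    return any(a.get("path", "").lower() == self_path.lower()
               for a in _calls(trace, pid, "DeleteFileW"))


def check_hollowing(trace, pid):
    """SetThreadContext alone is what the sandbox flags; requiring the full
    suspended-child -> WriteProcessMemory -> SetThreadContext -> ResumeThread
    order against one child is what separates hollowing from a debugger."""
    suspended = {a["new_pid"] for a in _calls(trace, pid, "CreateProcessW")
                 if a.get("flags", 0) & CREATE_SUSPENDED}
    for child in suspended:
        seen = [n for p, n, a in trace if p == pid and a.get("target_pid") == child]
        idx = [seen.index(w) if w in seen else -1
               for w in ("WriteProcessMemory", "SetThreadContext", "ResumeThread")]
        if min(idx) >= 0 and idx == sorted(idx):
            return True
    return False


def evaluate(trace, pid, self_path):
    """Map the report's signature names to booleans for one process."""
    profiles, accounts = check_outlook(trace, pid)
    return {
        "Checks computer location settings": check_geofence(trace, pid),
        "Deletes itself": check_self_delete(trace, pid, self_path),
        "Accesses Microsoft Outlook accounts": accounts,
        "Accesses Microsoft Outlook profiles": profiles,
        "Checks installed software on the system": check_installed_software(trace, pid),
        "Suspicious use of SetThreadContext": check_hollowing(trace, pid),
    }


if __name__ == "__main__":
    for name, hit in evaluate(TRACE, 1234, SELF).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The hollowing check is deliberately stricter than the sandbox's "Suspicious use of SetThreadContext": a lone SetThreadContext is also what debuggers and some packers do, so an alert rule should demand the suspended child plus a write into it before the context swap and resume.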