General
Target: e227be993c9e58797b6189c652a585fb
Size: 148KB
Sample: 240327-vhl92age49
MD5: e227be993c9e58797b6189c652a585fb
SHA1: 414475bbfc35e037b64e0811ee8e7d674e32b737
SHA256: 24ee912caf5e4e0cebaac0f0f5422626b7859be66f1e1afca59a9e34564e5e48
SHA512: f73c43194ebafae44bb253b25bf47f38cd41cdbda5263e3580287e53103d0d0c3254159871ca1c2129ab290a2231e5c4f2bc36055ea763375d647e18f0c8859b
SSDEEP: 1536:InpLaJGl7XX/j31w7NODnsqXffSyq+Vjz/+OxvpweD7SfldeNxqdaNBzFaDC2cTB:dJGlzPjlw7Nyfw+h/txBfWS5FapcU3M
Static task: static1
Behavioral task: behavioral1
Sample: e227be993c9e58797b6189c652a585fb.exe
Resource: win7-20240221-en
Malware Config
Extracted: pony
http://bullonthewall.com/forum/viewtopic.php
http://rodeostriker.com/forum/viewtopic.php
payload_url:
http://degereedschapzaak.nl/S3EAwAc5.exe
http://www.editorialtripie.com/WcF.exe
http://www.dream-box88.de/SfLEp.exe
Targets
Target: e227be993c9e58797b6189c652a585fb
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext