General
Target: 5d283f48cda7d39c9c1e82dd9b07945c6422accb618ea6c9a3c0ea7c7403f328
Size: 220KB
Sample: 240417-r74zlach77
MD5: e34a39adbc6e14570228240a5d189306
SHA1: ee2bceae0235e958cc8e6fc7c19d24c544fb9f6a
SHA256: 5d283f48cda7d39c9c1e82dd9b07945c6422accb618ea6c9a3c0ea7c7403f328
SHA512: ab16cdc34f60758aaa95236735c7d7ec9971c398e1dbc22e121d1bbb670146d28704f0aa7ffa34a2ff5e5b809070dfdc35b34d49b01579a864d18ab0db889ac3
SSDEEP: 6144:xmlCy+WiekNk0xDVccKcVncGoTDGubfBzFL4gqegFv:Uldieek0xDV5cGAzrAFFv
Static task: static1
Behavioral task: behavioral1
Sample: e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
Resource: win7-20240221-en

Malware Config
Extracted: pony
http://212.192.241.203/sor/gate.php
payload_url: http://212.192.241.203/sor/shit.exe
Targets
Target: e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
Size: 307KB
MD5: 9634a80228a6d385b70c74db6f22118e
SHA1: 9efdd367643baa158e5d51ca26553313bc6dcd27
SHA256: e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637
SHA512: ff30e23851da20b2e410db540a975c667beea73320e9465cf29c3ba2726eabe0d3a6aa6ff07e5388f44741eebee5dea2e6ee9fc81055c6c332ed7619b45499ba
SSDEEP: 6144:HuNt3ej7WrLJ0z3j5KnUxtVYg9Gl6EYKjL8DPP:Hu3evWLJ6jYnM9GE9KjL8DP
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext