General
-
Target
f9dcf3ce40d86bdb89b511a6970638e8d18565aa066f035b79170cdca89a1764
-
Size
1.1MB
-
Sample
240526-fpscasgf68
-
MD5
11b27179efa5ebd7049c14fab3c77d47
-
SHA1
242c1afefc4f43add6eb18f6c64c97b4880543c4
-
SHA256
f9dcf3ce40d86bdb89b511a6970638e8d18565aa066f035b79170cdca89a1764
-
SHA512
f18f44e1e4094bfdd9593f443307402e7909dcf78c2c8b017a4193aa0f9df86ba20c8082e3c690484a9899868d8b6881ce802a21c278512a80e153c746b97a4b
-
SSDEEP
24576:iu6J33O0c+JY5UZ+XC0kGsoTGcjr1I1lOq6sb8hTH7NWYK:Eu0c++OCvkGsEGcjr1i6skHUYK
Static task
static1
Behavioral task
behavioral1
Sample
f9dcf3ce40d86bdb89b511a6970638e8d18565aa066f035b79170cdca89a1764.exe
Resource
win7-20231129-en
Malware Config
Extracted
pony
http://185.79.156.18/bit/03/gate.php
Targets
-
-
Target
f9dcf3ce40d86bdb89b511a6970638e8d18565aa066f035b79170cdca89a1764
-
Size
1.1MB
-
MD5
11b27179efa5ebd7049c14fab3c77d47
-
SHA1
242c1afefc4f43add6eb18f6c64c97b4880543c4
-
SHA256
f9dcf3ce40d86bdb89b511a6970638e8d18565aa066f035b79170cdca89a1764
-
SHA512
f18f44e1e4094bfdd9593f443307402e7909dcf78c2c8b017a4193aa0f9df86ba20c8082e3c690484a9899868d8b6881ce802a21c278512a80e153c746b97a4b
-
SSDEEP
24576:iu6J33O0c+JY5UZ+XC0kGsoTGcjr1I1lOq6sb8hTH7NWYK:Eu0c++OCvkGsEGcjr1i6skHUYK
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-