General
-
Target
e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
-
Size
307KB
-
Sample
210617-8tz5glqr9e
-
MD5
9634a80228a6d385b70c74db6f22118e
-
SHA1
9efdd367643baa158e5d51ca26553313bc6dcd27
-
SHA256
e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637
-
SHA512
ff30e23851da20b2e410db540a975c667beea73320e9465cf29c3ba2726eabe0d3a6aa6ff07e5388f44741eebee5dea2e6ee9fc81055c6c332ed7619b45499ba
Static task
static1
Behavioral task
behavioral1
Sample
e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
Resource
win7v20210408
Malware Config
Extracted
pony
http://212.192.241.203/sor/gate.php
-
payload_url
http://212.192.241.203/sor/shit.exe
Targets
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-