General
Target: d3fc1e644cd5bf4cd9890d0a6ae300dc96fd8c72fc6455a329437cc69e4cf0a1.exe
Size: 220KB
Sample: 210705-k4atmzbtb2
MD5: 9f2e38db951cfd63d36c48bd04ba0ab9
SHA1: 4de4d4d204b9aa835a5113368fc17d3fe11011ba
SHA256: d3fc1e644cd5bf4cd9890d0a6ae300dc96fd8c72fc6455a329437cc69e4cf0a1
SHA512: 98734dfe8ee726a2f48596a1852963c3d5de9e69648cd02f8c78e6bb303883f03867f6db3dc55b3aeaf0c760ff1679befe03f30c05bb0a1d636655d304d91691
Static task: static1
Behavioral task: behavioral1
Sample: d3fc1e644cd5bf4cd9890d0a6ae300dc96fd8c72fc6455a329437cc69e4cf0a1.exe
Resource: win7v20210410
Malware Config
Extracted family: pony
Extracted URLs:
  http://aasdasd.com/gt.php
  http://cent1.fav.al/st/gate.php
Targets
Target: d3fc1e644cd5bf4cd9890d0a6ae300dc96fd8c72fc6455a329437cc69e4cf0a1.exe
Size: 220KB
MD5: 9f2e38db951cfd63d36c48bd04ba0ab9
SHA1: 4de4d4d204b9aa835a5113368fc17d3fe11011ba
SHA256: d3fc1e644cd5bf4cd9890d0a6ae300dc96fd8c72fc6455a329437cc69e4cf0a1
SHA512: 98734dfe8ee726a2f48596a1852963c3d5de9e69648cd02f8c78e6bb303883f03867f6db3dc55b3aeaf0c760ff1679befe03f30c05bb0a1d636655d304d91691
- Deletes itself
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext