General
Target
e349b998b24eefec89455e49f79ed75b686b38c878fad57971f61e40f7d2f80c
Size
152KB
Sample
210706-4pbx74hqke
MD5
a983645de70c07a67f809450cea0d120
SHA1
7163f054e2a0da7ca37d303d623893afd0972788
SHA256
e349b998b24eefec89455e49f79ed75b686b38c878fad57971f61e40f7d2f80c
SHA512
5f539f066210a976d281e077abbab8a61a9d5ae33089fd8e1de61fc474531daa85a7849b7f646dab0e953880a1ee61e125fece8ada8d791807c648f5ae1970c9
Static task
static1
Behavioral task
behavioral1
Sample
e349b998b24eefec89455e49f79ed75b686b38c878fad57971f61e40f7d2f80c.exe
Resource
win7v20210410
Malware Config
Extracted
pony
http://police-fbi.securityservice.review/jax/fbip/pigen.php
Targets
Target
e349b998b24eefec89455e49f79ed75b686b38c878fad57971f61e40f7d2f80c
Deletes itself
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext