General
- Target: 41810FD3481F8D4CCFB45FDDC97FEF5CCDFF10AF555A2.exe
- Size: 227KB
- Sample: 210707-xh3retp1fe
- MD5: ea40d77d365053cb11d1ad5e89b9937d
- SHA1: 94ce4a149f7e703abb15018178a062dd3c454b04
- SHA256: 41810fd3481f8d4ccfb45fddc97fef5ccdff10af555a2c1fa239c541d3fd16a3
- SHA512: b6e14464c7915f2b97bae0102176338c98f3a277bd0776d345d7381c70fb07dff9bb1bc234e3bf3804e96efaf2aee6f3d75facca623773dffb7825eaf83bb703
Static task: static1
Behavioral task: behavioral1
- Sample: 41810FD3481F8D4CCFB45FDDC97FEF5CCDFF10AF555A2.exe
- Resource: win7v20210410
Malware Config
Extracted
pony
http://pmzmedical.com/fonts/.eot/glyphicon/home/temp.php
Targets
- Target: 41810FD3481F8D4CCFB45FDDC97FEF5CCDFF10AF555A2.exe
- Size: 227KB
- MD5: ea40d77d365053cb11d1ad5e89b9937d
- SHA1: 94ce4a149f7e703abb15018178a062dd3c454b04
- SHA256: 41810fd3481f8d4ccfb45fddc97fef5ccdff10af555a2c1fa239c541d3fd16a3
- SHA512: b6e14464c7915f2b97bae0102176338c98f3a277bd0776d345d7381c70fb07dff9bb1bc234e3bf3804e96efaf2aee6f3d75facca623773dffb7825eaf83bb703
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext