General
-
Target
f7354cf388d41e31f397e2aa0f40546ddd0b929a8aaf5ced7af3288aec34f236.exe
-
Size
706KB
-
Sample
210712-wec17evy26
-
MD5
3a990e8b280a4398f8f34c2bc06220a0
-
SHA1
5eb88cd730a0c2c69a3ff7e7876817b9d57aa0ab
-
SHA256
f7354cf388d41e31f397e2aa0f40546ddd0b929a8aaf5ced7af3288aec34f236
-
SHA512
31841a48301b63486e9cb1e4b2c649a462772545f0c9f821d2ac28aed5e240d5ce65a51db43a8ef452201db5563e0acea799e8753d4998407de41032c2e2e5fd
Static task
static1
Behavioral task
behavioral1
Sample
f7354cf388d41e31f397e2aa0f40546ddd0b929a8aaf5ced7af3288aec34f236.exe
Resource
win7v20210410
Malware Config
Extracted
pony
https://gulshanti.com/hybrid/panel/gate.php
-
payload_url
https://gulshanti.com/shit.exe
Targets
Target
f7354cf388d41e31f397e2aa0f40546ddd0b929a8aaf5ced7af3288aec34f236.exe
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext