General
Target: 384CCD374A7B0AD96C05C598A8805AF2C0171554A8CAA.exe
Size: 496KB
Sample: 210714-8m8l7r7vra
MD5: 180512f19b80562669451bd32a14e7de
SHA1: 41a81a5b383f2fa8936cff9c1c7d00096f202243
SHA256: 384ccd374a7b0ad96c05c598a8805af2c0171554a8caa56b383b60f7a847e26f
SHA512: b9a390e5176203d7efa7eabb84433fb35606ad0e05f9ca0bfbf9bda5e3a1f5a87eb564fccf67ebbecce56f5b1a47d23cd3d517c063a8710b032df50ae53a0900
Static task: static1
Behavioral task: behavioral1
Sample: 384CCD374A7B0AD96C05C598A8805AF2C0171554A8CAA.exe
Resource: win7v20210408
Malware Config
Extracted: pony
http://wellgam.com/bambam/gate.php
payload_url: http://wellgam.com/bambam/shit.exe
Targets
Target: 384CCD374A7B0AD96C05C598A8805AF2C0171554A8CAA.exe
Size: 496KB
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext