General
- Target: 6EA14E473644F3BEA03782F41D7C5246.exe
- Size: 696KB
- Sample: 210717-pkcgg2tg7j
- MD5: 6ea14e473644f3bea03782f41d7c5246
- SHA1: 3be05d9f18b574c5c4eea2f8ab8160c470553aeb
- SHA256: c565ce12f63b1cb897156e0234907a49517439247747cc7df5b69952c1e7ce43
- SHA512: 7fcb2c62bd9d4a569ce0fd788068bfab133595d8ef54957aa5ed4295b1988a92c7d62fdd465e2c34152f02e39a022015ac2868c4b97df1327862d41c60885f59
Static task: static1
Behavioral task: behavioral1
- Sample: 6EA14E473644F3BEA03782F41D7C5246.exe
- Resource: win7v20210410
Malware Config
Extracted: pony
- http://fuckoff.av.com/gate.php
- http://mrson.dan.al/sddob/gate.php
Targets
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext