General

Target: 38dfeabf5526511effa346e9ced2145d4d2b1ffbc065146d3869e27fc235cd99.exe
Size: 698KB
Sample: 220521-b6579sdbf5
MD5: 0937ad49912c231a7b996268a685a5a3
SHA1: 4d9abdc517ecdb57cd259f0e9cd64a8090a4ba44
SHA256: 38dfeabf5526511effa346e9ced2145d4d2b1ffbc065146d3869e27fc235cd99
SHA512: ee1cef0019199cd41a5e2b3ff875be719355caf6d93aca29d8184135978f47dde561c39206858097b8e8ef57eeb946ec620312fb14cbc4c9664c7330304d114d
Static task: static1

Behavioral task: behavioral1
Sample: 38dfeabf5526511effa346e9ced2145d4d2b1ffbc065146d3869e27fc235cd99.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: pony
http://lasgidivibescontrol.com/onyyy/panel/gate.php
payload_url: http://lasgidivibescontrol.com/shit.exe
Targets

Target: 38dfeabf5526511effa346e9ced2145d4d2b1ffbc065146d3869e27fc235cd99.exe
Size: 698KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Modifies file permissions
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext