General
Target: c15840ac56e885083afbd93b02b1a83633d11ea87fd4aeeb4bb1173a18e642a6
Size: 124KB
Sample: 221119-henx8shb26
MD5: 36402c29dda06d890fb06ebc3b2bcb50
SHA1: f5627c2d774bd62124c7a833da448f529cd7ec81
SHA256: c15840ac56e885083afbd93b02b1a83633d11ea87fd4aeeb4bb1173a18e642a6
SHA512: 943a3a924c1cac864a9e6f8138737fab430ea68e4842966e1f2197a36651a16430fec9af4934acec60a8bcdaf214d59129269df3d35286036193fa92b416d77d
SSDEEP: 3072:7MuORMGlFUNdV+lNjt3zFo6N/QGlIO8uZINztKE:7nORDlGWNjt3zCt0VZIp
Static task: static1
Behavioral task: behavioral1
Sample: c15840ac56e885083afbd93b02b1a83633d11ea87fd4aeeb4bb1173a18e642a6.exe
Resource: win7-20220901-en
Malware Config
Extracted family: pony
C2 URL: http://godekela.pw:571/fix/update.php
C2 URL: http://voekazik.pw:571/fix/update.php
Targets
Target: c15840ac56e885083afbd93b02b1a83633d11ea87fd4aeeb4bb1173a18e642a6
Size: 124KB
MD5: 36402c29dda06d890fb06ebc3b2bcb50
SHA1: f5627c2d774bd62124c7a833da448f529cd7ec81
SHA256: c15840ac56e885083afbd93b02b1a83633d11ea87fd4aeeb4bb1173a18e642a6
SHA512: 943a3a924c1cac864a9e6f8138737fab430ea68e4842966e1f2197a36651a16430fec9af4934acec60a8bcdaf214d59129269df3d35286036193fa92b416d77d
SSDEEP: 3072:7MuORMGlFUNdV+lNjt3zFo6N/QGlIO8uZINztKE:7nORDlGWNjt3zCt0VZIp
Signatures
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
Suspicious use of SetThreadContext
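The two C2 URLs in the Malware Config section are the most directly actionable indicators on this page: both use the same non-standard port (571) and the same panel path (/fix/update.php), so a hunt can match on the exact hosts and also on that URL shape for sibling panels of the same kit. The following is an added example, not part of the sandbox report, that turns the extracted config into host, port and path indicators and runs them over proxy log lines. The log lines and their whitespace-separated format (timestamp, source IP, method, URL, status) are constructed for illustration, and the "c2-pattern" heuristic (unknown host, same port and path) is an assumption about kit reuse, not something the report states.

```python
"""Match the Pony C2 URLs from the extracted config against proxy logs.

Added example; not code from the report or the sandbox vendor.
"""
from urllib.parse import urlsplit

# C2 URLs taken verbatim from the report's Malware Config section.
C2_URLS = [
    "http://godekela.pw:571/fix/update.php",
    "http://voekazik.pw:571/fix/update.php",
]


def ioc_from_url(url):
    """Split a URL into the (host, port, path) triple used for matching."""
    parts = urlsplit(url)
    return parts.hostname.lower(), parts.port or 80, parts.path


def build_iocs(urls=C2_URLS):
    """Derive host, port and path indicator sets from the config URLs."""
    triples = [ioc_from_url(u) for u in urls]
    hosts = {t[0] for t in triples}
    ports = {t[1] for t in triples}
    paths = {t[2] for t in triples}
    return hosts, ports, paths


def parse_log_line(line):
    """Parse one constructed proxy log line.

    Format is an assumption for this example, not a real product's format:
    <timestamp> <src_ip> <method> <url> <status>
    """
    ts, src, method, url, status = line.split()
    host, port, path = ioc_from_url(url)
    return {"ts": ts, "src": src, "method": method, "host": host,
            "port": port, "path": path, "status": int(status)}


def classify(event, iocs):
    """Return a match label for the event, or None.

    c2-exact   : known C2 host and the known update.php path
    c2-host    : known C2 host with any other path (infrastructure reuse)
    c2-pattern : unknown host, but the same :571/fix/update.php shape
                 (heuristic assumption: sibling panels of the same kit)
    """
    hosts, ports, paths = iocs
    if event["host"] in hosts:
        return "c2-exact" if event["path"] in paths else "c2-host"
    if event["port"] in ports and event["path"] in paths:
        return "c2-pattern"
    return None


def scan(lines, iocs=None):
    """Run every log line through the classifier; return (src, host, label) hits."""
    iocs = iocs or build_iocs()
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        label = classify(ev, iocs)
        if label:
            hits.append((ev["src"], ev["host"], label))
    return hits


# Constructed log lines for illustration; hosts other than the two C2 domains
# are placeholders and do not come from the report.
SAMPLE_LOG = [
    "2022-11-19T08:01:02Z 10.0.0.5 POST http://godekela.pw:571/fix/update.php 200",
    "2022-11-19T08:01:09Z 10.0.0.5 POST http://voekazik.pw:571/fix/update.php 200",
    "2022-11-19T08:02:00Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2022-11-19T08:03:11Z 10.0.0.9 POST http://other-panel.example:571/fix/update.php 404",
    "2022-11-19T08:04:30Z 10.0.0.5 GET http://godekela.pw/admin/login.php 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The exact-host matches are the confident detections; a "c2-host" hit on the same domain with a different path still points at the same operator's infrastructure, while "c2-pattern" hits should be treated as leads to pivot on rather than as confirmed Pony traffic.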