General
Target: 1cece2cb2a8b05a561c5a5f4d032892f6cc82317a769b84a48a98930ecc2703b
Size: 88KB
Sample: 221120-k98l8sah2s
MD5: 13d89810cfb3010ce0af42aac50a8350
SHA1: df28bc2634335b22fb1f82a9f09af5da8e930c7b
SHA256: 1cece2cb2a8b05a561c5a5f4d032892f6cc82317a769b84a48a98930ecc2703b
SHA512: ed566cb116fb6e823bba684f443ba37de0c6e3db69108bcbe6544479152fcf986e821da92f3ebee553e712e2ea7ea018dfa9b4e55faca2fc8e4fa9ffdf8487ec
SSDEEP: 1536:eyjkpv27h+gFDAxJssDw4M7/U2UyGg6y4lHNzDYFmyG07xOkI6aN6/S:exZYDAxJXsdU2ZG/tLgFmKNo6K
Static task: static1
Behavioral task: behavioral1
Sample: 1cece2cb2a8b05a561c5a5f4d032892f6cc82317a769b84a48a98930ecc2703b.exe
Resource: win7-20221111-en
Malware Config
Extracted: pony
http://voladex.pw:36/fix/mark.php
http://bolakes.pw:36/fix/refer.php
http://camtest33.pw:36/fix/symbols.php
payload_url: http://camtest3.pw:36/fix/Sonar.exe
Targets
Target: 1cece2cb2a8b05a561c5a5f4d032892f6cc82317a769b84a48a98930ecc2703b
Size: 88KB
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext