General
Target: 466f4fc20529fe44f51712ab3e240fb6eea8364f9681b9401fe1a2a6143a3670
Size: 96KB
Sample: 221120-kvyhqaab9z
MD5: 1a815033c5585d52ceba699e97322091
SHA1: 9baa5ed9cc804c11ebc75149bba4f26470a1f9d6
SHA256: 466f4fc20529fe44f51712ab3e240fb6eea8364f9681b9401fe1a2a6143a3670
SHA512: 42616111974ff5eddd2c91b0c75ab76ef69a709053d8c8d03b9d0132f0d177e1374cadd32ef237bd11313d8f572a335111f05b5315a98a7cae9898dd8a9b4251
SSDEEP: 1536:DiyeavfWjVejG2BRGgfG4iKBNJzmcgnPKlok7QQEeV1nnXw4EQktN+2TQNt3kO5k:DxXaVsPfvuBImXKdpEeV1XwNjxO55+sY
Static task: static1
Behavioral task: behavioral1
Sample: 466f4fc20529fe44f51712ab3e240fb6eea8364f9681b9401fe1a2a6143a3670.exe
Resource: win7-20220812-en
Malware Config
Extracted family: pony
C2 URLs:
- http://sidoshka.pw:571/fix/update.php
- http://noopparty.pw:571/fix/update.php
- http://aa.shell.la/rapid/poh/689
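A small triage helper for this report, added here as an example (it is not tooling from the sandbox or from the Pony family). It re-hashes a file with hashlib and checks the digests against the report header, so you know the file on your disk is the reported sample before spending analysis time on it, and it splits the extracted C2 URLs into host/port/path tuples for proxy and firewall blocklists. The real sample is not embedded; the bytes hashed in the usage block are a constructed stand-in and will not match.

```python
"""Triage helper for the sandbox report above (added example, not the
sandbox's own tooling). Re-hashes a file and compares it with the report,
and turns the extracted Pony C2 URLs into blocklist-friendly tuples."""
import hashlib
from urllib.parse import urlsplit

# Digests copied from the report header.
REPORT_HASHES = {
    "md5": "1a815033c5585d52ceba699e97322091",
    "sha1": "9baa5ed9cc804c11ebc75149bba4f26470a1f9d6",
    "sha256": "466f4fc20529fe44f51712ab3e240fb6eea8364f9681b9401fe1a2a6143a3670",
}

# C2 URLs from the "Malware Config / Extracted / pony" section.
C2_URLS = [
    "http://sidoshka.pw:571/fix/update.php",
    "http://noopparty.pw:571/fix/update.php",
    "http://aa.shell.la/rapid/poh/689",
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare every digest in `expected` against the bytes; returns
    {algo: bool}. Any mismatch means this is not the reported sample
    (re-packed, patched, or simply a different build)."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def parse_c2(url: str) -> tuple:
    """Split a C2 URL into (host, port, path); http defaults to port 80."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port, parts.path


def c2_indicators(urls=C2_URLS) -> dict:
    """Group the C2 endpoints by host with the set of ports seen per host;
    proxies and firewalls usually key on host:port rather than full URL."""
    out = {}
    for u in urls:
        host, port, _path = parse_c2(u)
        out.setdefault(host, set()).add(port)
    return out


if __name__ == "__main__":
    # Constructed stand-in for the sample; these bytes will NOT match.
    print(verify_sample(b"not the real sample"))
    print(c2_indicators())
```

Two of the three C2 hosts listen on the non-standard port 571; a blocklist or egress rule that only considers port 80/443 traffic would miss them, which is why the helper keeps the port next to the host.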
Targets
Target: 466f4fc20529fe44f51712ab3e240fb6eea8364f9681b9401fe1a2a6143a3670
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Accesses cryptocurrency files/wallets: possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext: overwriting another thread's context is the usual thread-hijacking step of process hollowing or code injection; confirm against the API trace before relying on it.
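A hunting helper for the behavioural signatures above, added here as an example (it is not the sandbox's own detection code). It scans API-trace style lines for the artifacts behind three of the signatures (the locale lookup, the Uninstall-key enumeration, and wallet file access) and reports which process showed which behaviour, flagging only processes that combine several of them, since a single Uninstall read is normal for installers and updaters. The registry paths and wallet file names are my assumptions about what those signatures key on, not something the report states, and the log lines are constructed. Note that Sysmon does not log registry reads, so in practice this kind of data comes from a sandbox trace or an ETW/EDR registry-query feed, not from Sysmon events.

```python
"""Hunting helper for the behavioural signatures listed above (added example,
not the sandbox's detection code). Scans constructed API-trace lines of the
form "Op=<api> Image=<path> Target=<key or file>" and groups behaviours per
process. Paths and wallet names below are assumptions, not report facts."""
import re
from collections import defaultdict

# Assumed artifacts per signature (the report does not name them).
PATTERNS = {
    # "Checks computer location settings": country code in the user's locale key.
    "geo_lookup": re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    # "Checks installed software": per-product entries under the Uninstall key.
    "uninstall_enum": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I),
    # "Accesses cryptocurrency files/wallets": Bitcoin wallet.dat and Electrum wallets.
    "wallet_access": re.compile(r"\\(wallet\.dat|Electrum\\wallets\\[^\\]+)$", re.I),
}

REGISTRY_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}
FILE_OPS = {"CreateFile", "ReadFile"}
LINE_RE = re.compile(r"Op=(\w+)\s+Image=(.+?)\s+Target=(.+)$")


def classify(line: str):
    """Return (image, behaviour) for a line matching one signature, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    op, image, target = m.groups()
    if op in REGISTRY_OPS:
        for name in ("geo_lookup", "uninstall_enum"):
            if PATTERNS[name].search(target):
                return image, name
    elif op in FILE_OPS and PATTERNS["wallet_access"].search(target):
        return image, "wallet_access"
    return None


def hunt(lines):
    """Map each image to the set of behaviours it exhibited."""
    hits = defaultdict(set)
    for line in lines:
        res = classify(line)
        if res:
            hits[res[0]].add(res[1])
    return dict(hits)


def suspicious(hits, threshold=2):
    """Images with at least `threshold` distinct behaviours: the combination
    (geofence + software inventory + wallet access) is the stealer pattern,
    any one of them alone is too common to alert on."""
    return sorted(img for img, behaviours in hits.items() if len(behaviours) >= threshold)


# Constructed trace lines for illustration; not real telemetry from the sample.
SAMPLE_LOG = [
    r"Op=RegQueryValue Image=C:\Users\victim\AppData\Local\Temp\sample.exe Target=HKU\S-1-5-21-1\Control Panel\International\Geo\Nation",
    r"Op=RegEnumKey Image=C:\Users\victim\AppData\Local\Temp\sample.exe Target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"Op=CreateFile Image=C:\Users\victim\AppData\Local\Temp\sample.exe Target=C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat",
    r"Op=RegOpenKey Image=C:\Program Files\Installer\setup.exe Target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp",
    r"Op=CreateFile Image=C:\Windows\explorer.exe Target=C:\Users\victim\Documents\notes.txt",
]

if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for image, behaviours in found.items():
        print(image, sorted(behaviours))
    print("suspicious:", suspicious(found))
```

The threshold is deliberately a count of distinct behaviours rather than a count of events: a process that enumerates a thousand Uninstall entries still scores one, while a process that touches the locale key, the software inventory and a wallet file scores three.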