General
Target: 24c646a4411a4bb99edf099ec0b8f83d7eddcda940bf8ca8840df4f92af3196a
Size: 66KB
Sample: 221128-g7t5aacc24
MD5: d49c95f8d13a5322a498d401f1ca3950
SHA1: 4ad34e08a7fb59714b04384ab88424b9b652b8b3
SHA256: 24c646a4411a4bb99edf099ec0b8f83d7eddcda940bf8ca8840df4f92af3196a
SHA512: 3eda2862218aae1d4243f81c28d61eca310e8655f58df8193d005fd4403aaed0a84d80b860df31dbee9fe4adfe4333ff992b8464d6845d9f9692b3e80809fc99
SSDEEP: 1536:THzzqIfhbp1pe769U2sNf34zL5vItmdqqy6TXgqhSWlLK33qtL:B9U2Pz9C+qST9ZL
Static task: static1
Behavioral task: behavioral1
Sample: 24c646a4411a4bb99edf099ec0b8f83d7eddcda940bf8ca8840df4f92af3196a.exe
Resource: win7-20221111-en
Malware Config
Extracted: pony
- http://pglipik.ru:2346/pony/mac.php
- http://pfixsel.ru:2346/pony/mac.php
Targets
Target: 24c646a4411a4bb99edf099ec0b8f83d7eddcda940bf8ca8840df4f92af3196a (66KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext