General
- Target: in_9.xls
- Size: 90KB
- Sample: 200715-csqksv696s
- MD5: b569a368d36af422cf9c32656b3210ae
- SHA1: 0db43b4b6e1da2923cdafc4e21fd3054942f240c
- SHA256: ea597641de8a19fd57c2873cc9f87e1f39c68b6ce56b471804e458a92ad19297
- SHA512: ae269e82b06c9fe3b3ac275611d961ba1bedda4416e49f778896282b65120e760c9462d3327279fbb448f2f2e32cc27951152aed109c2a7d1fe83197cc8f867b
Static task: static1
Behavioral task: behavioral1
- Sample: in_9.xls
- Resource: win7
Malware Config
Targets
- Target: in_9.xls
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Suspicious use of SetThreadContext