Analysis
-
max time kernel
132s -
max time network
144s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-11-2020 14:24
General
-
Target
64dddbb15d568f1eb31c8e6b41ab7d2c9207ee990c98751151c75f320bf04efa.exe
-
Size
105KB
-
MD5
d4c388ade949797471208ac392b3eb34
-
SHA1
f0a81bd72d083db3b3609296784ce6851d2803c7
-
SHA256
64dddbb15d568f1eb31c8e6b41ab7d2c9207ee990c98751151c75f320bf04efa
-
SHA512
0690f543a272e3d79bccbe97d9f6af6e18c223275eff9076fb028a8a434e061510e2404fe8616260da536aeb4bc8b526a48c217ddc9235312c7195a87db657c2
Score
10/10
Malware Config
Signatures
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\64dddbb15d568f1eb31c8e6b41ab7d2c9207ee990c98751151c75f320bf04efa.exe"C:\Users\Admin\AppData\Local\Temp\64dddbb15d568f1eb31c8e6b41ab7d2c9207ee990c98751151c75f320bf04efa.exe"1⤵
- Suspicious use of AdjustPrivilegeToken