General

  • Target

    eba04bf17d7c411a0fb599d8b8706a3ca07afc2562029b8fd6a0effdf40531a3.exe

  • Size

    90KB

  • Sample

    201115-1ez5cgsbaa

  • MD5

    3a38e9f3d7ba295dd6a5ff18e71f8f1e

  • SHA1

    0ddfe6b9a1ebdb633d01b98f22a94451c4e6e129

  • SHA256

    eba04bf17d7c411a0fb599d8b8706a3ca07afc2562029b8fd6a0effdf40531a3

  • SHA512

    15fb351dae3ad4dea872b7eb18743504e112c4b06d5acdae9824e6e67d34f0d4f5647485d3a6473dd2a8a09f294f2af97c3c49de81405696b315303d80429de9

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2
