General

  • Target

    8C8E3814E775492F6B250E2DB3B636DA.exe

  • Size

    92KB

  • Sample

    210506-kqr77eh2s6

  • MD5

    8c8e3814e775492f6b250e2db3b636da

  • SHA1

    ce8603b7bf0af19d29f1e0b063b26c066f151c00

  • SHA256

    479c2742f5d9d61607933d59d483390286c627282b2f820d50aa72bb08fd536f

  • SHA512

    03cee234b4ad2e635d648b51b5c53f2262e63d725b293abffe0ad76be185975dd8808bf44b098c78e402ad283dfe23b62104e711177988bdb0bb31235bb84c6d

Malware Config

Targets

    • Target

      8C8E3814E775492F6B250E2DB3B636DA.exe

    • Size

      92KB

    • MD5

      8c8e3814e775492f6b250e2db3b636da

    • SHA1

      ce8603b7bf0af19d29f1e0b063b26c066f151c00

    • SHA256

      479c2742f5d9d61607933d59d483390286c627282b2f820d50aa72bb08fd536f

    • SHA512

      03cee234b4ad2e635d648b51b5c53f2262e63d725b293abffe0ad76be185975dd8808bf44b098c78e402ad283dfe23b62104e711177988bdb0bb31235bb84c6d

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks