Resubmissions

18-02-2022 12:16

220218-pftnfacec5 10

14-02-2022 02:51

220214-db6lnadhc3 10

General

  • Target

    b7b86225defaae424aa2e447fc784088.exe

  • Size

    579KB

  • Sample

    220214-db6lnadhc3

  • MD5

    b7b86225defaae424aa2e447fc784088

  • SHA1

    4cb5d0afea368c7668fda827d5c8a0fea122520a

  • SHA256

    dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75

  • SHA512

    aedb708457385bcb8f6e5aed625d1926f276afb1d0b57c276d56a4c05c8dd3e207d17767d2d8887c795c688d87b773d281c520278a5eeccc2eb83d13f5dbfd5b

Malware Config

Targets

    • Target

      b7b86225defaae424aa2e447fc784088.exe

    • Size

      579KB

    • MD5

      b7b86225defaae424aa2e447fc784088

    • SHA1

      4cb5d0afea368c7668fda827d5c8a0fea122520a

    • SHA256

      dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75

    • SHA512

      aedb708457385bcb8f6e5aed625d1926f276afb1d0b57c276d56a4c05c8dd3e207d17767d2d8887c795c688d87b773d281c520278a5eeccc2eb83d13f5dbfd5b

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks