General
-
Target
04710be5ee1f33f7e6e752588ed57894f48e62e2f9161f1385ebcfd65987920e
-
Size
154KB
-
Sample
220521-nfqq4sggdq
-
MD5
d8ab78fca33634c61ab035dd961d839a
-
SHA1
b544a35a3101046749c8e5b5ba62592d36ae09ef
-
SHA256
04710be5ee1f33f7e6e752588ed57894f48e62e2f9161f1385ebcfd65987920e
-
SHA512
7ed87bd458e9c007326d4245487bc3363a262262fc00be22c9ddfe58ec7e5453492d948a0412acc4aacb1b2d053b9df73337d374a170b2e3c603afc3f627557a
Malware Config
Targets
-
-
Target
Документы 29.07.2019.exe
-
Size
196KB
-
MD5
f2403ac020b62308e185b8aabc9006ae
-
SHA1
bfcfc605155649aa6458f64017b9305888a8264f
-
SHA256
bf5d3d55d30106e2d6c520eb7d43727f98c7e438257650908e7434ed99c590bb
-
SHA512
392db48c2c418533ab2989e38a1c9f0b3b9a7898c9f29f014dd2120eedaa6f21259ff96615fc4d246e76ed315d514a7e59c1d5385dea59a58889b25b7511396d
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-