General
Target: 119a655f8180863569b3104863d1373102a06f936ebd9a69297c6fc3dabab55d
Size: 93KB
Sample: 220604-cnzs7shfal
MD5: 9d84403a1d3483348e691803d1f35fda
SHA1: eeaec022550b0e7603af26e0fa02492cd4b48c45
SHA256: 119a655f8180863569b3104863d1373102a06f936ebd9a69297c6fc3dabab55d
SHA512: 157c89abdbc803c923c0c7e6669a6585f73004f011394078d530a35beeaa3664e89334db170d5be2efed2fec09afdc0e8689e590f8c29b9421491c5060bfc795
Static task: static1
Behavioral task: behavioral1
Sample: 119a655f8180863569b3104863d1373102a06f936ebd9a69297c6fc3dabab55d.exe
Resource: win7-20220414-en
Malware Config
Targets
suricata: ET MALWARE Fareit/Pony Downloader Checkin 3
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
suricata: ET MALWARE Win32.Fareit.A/Pony Downloader Checkin
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-