General

  • Target

    e3466688c5674346c6dd2f9cfde369f39ea6f9a3fb019b7d76e19883c70b08f1

  • Size

    167KB

  • Sample

    221002-n55lkaeaf8

  • MD5

    6f4540d138f281b29415b9cbafa62910

  • SHA1

    c54f00eca7b1f5a772f58b2220fe8199da4019f8

  • SHA256

    e3466688c5674346c6dd2f9cfde369f39ea6f9a3fb019b7d76e19883c70b08f1

  • SHA512

    b11da1f3c1e8555ccf64082ebdc1cce491b5e3f125d7a7b5448246831fb1e9532c723a475880d4fe07fc80ecff93b6bc11578b2f6de6abb95f8cb7876d9e46e0

  • SSDEEP

    3072:RR6j9TQO+YkGZZin+HqZhWePiFkR/OYnlZFb:2x8skfPf

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               ID      Signatures
  Credential Access  Credentials in Files    T1081   2
  Discovery          Query Registry          T1012   1
  Collection         Data from Local System  T1005   2
  Collection         Email Collection        T1114   2

Tasks