General

  • Target

    8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5

  • Size

    240KB

  • Sample

    221002-p4gc1shbfr

  • MD5

    46778240d7973ea82ed8b8c22d8cef90

  • SHA1

    ec048d9e41578d722baa09a6164a20e28943f616

  • SHA256

    8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5

  • SHA512

    2c6d2fd57810b592cb788fb0b94d44b51d48a18b69c6ed8b23005e9d4c60dd00c27be8de61cc12c7f3f523c81e68dd68855152b85ee5aa125c0f346168d4e722

  • SSDEEP

    3072:0ZKx4AzGDCx7G2nnk2cNRzn2HwbL2zH30o9KSe27Nyw:0Z24YPVc7b9wRKSe25

Malware Config

Targets

    • Target

      8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5

    • Size

      240KB

    • MD5

      46778240d7973ea82ed8b8c22d8cef90

    • SHA1

      ec048d9e41578d722baa09a6164a20e28943f616

    • SHA256

      8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5

    • SHA512

      2c6d2fd57810b592cb788fb0b94d44b51d48a18b69c6ed8b23005e9d4c60dd00c27be8de61cc12c7f3f523c81e68dd68855152b85ee5aa125c0f346168d4e722

    • SSDEEP

      3072:0ZKx4AzGDCx7G2nnk2cNRzn2HwbL2zH30o9KSe27Nyw:0Z24YPVc7b9wRKSe25

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Tasks