General

  • Target

    e9b6ec5e70dc7c3df388a8d6b43b44b025662aedb38d43df140100e9fd681f14

  • Size

    174KB

  • Sample

    221108-zwcpzaghb5

  • MD5

    0d0d16fe4aed2700b6a2f1815b3336f0

  • SHA1

    4b69d5639226e2abf8b725b71fd61a20239fde74

  • SHA256

    e9b6ec5e70dc7c3df388a8d6b43b44b025662aedb38d43df140100e9fd681f14

  • SHA512

    57787e4b5fba9b8d63c8074bd10edce15781c2819f0ad687fc3350f36ffe7c3eaaa3f7f41260be0ba973624eb0a9d04c6257635d3843d6407e75ce5c538fba2c

  • SSDEEP

    3072:TiGFtjuU65n6x6zKUpOaUVmxDMgt0N2h7nz1zp:bjuUi6x6NxK2hH1F

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks