General

  • Target

    f4068d39136c46aa7f5f18bdb62bb659082ceb0025121d6c06b459663dd9a322

  • Size

    175KB

  • Sample

    221119-gtq6gacc8w

  • MD5

    267715e2e5648fdd8fc45646b178be23

  • SHA1

    a5d4259460e9903d4f93e31e005fb896e11da6d3

  • SHA256

    f4068d39136c46aa7f5f18bdb62bb659082ceb0025121d6c06b459663dd9a322

  • SHA512

    a688aa5b35b03b7191898048203af44baab2dff6676b6348dd471b2616cc0d6055a4f7f86a15f2211819fea652a3d8c052edc8804f2bf7b4c04f6261f7ff39b7

  • SSDEEP

    3072:QOyeRoufAXZCmvtELB5krU7HsUTaIM59KuCiiZOLlezi0:zyeRzAJCmvtEl5kQ7tO59KvR

Malware Config

Targets

    • Target

      f4068d39136c46aa7f5f18bdb62bb659082ceb0025121d6c06b459663dd9a322

    • Size

      175KB

    • MD5

      267715e2e5648fdd8fc45646b178be23

    • SHA1

      a5d4259460e9903d4f93e31e005fb896e11da6d3

    • SHA256

      f4068d39136c46aa7f5f18bdb62bb659082ceb0025121d6c06b459663dd9a322

    • SHA512

      a688aa5b35b03b7191898048203af44baab2dff6676b6348dd471b2616cc0d6055a4f7f86a15f2211819fea652a3d8c052edc8804f2bf7b4c04f6261f7ff39b7

    • SSDEEP

      3072:QOyeRoufAXZCmvtELB5krU7HsUTaIM59KuCiiZOLlezi0:zyeRzAJCmvtEl5kQ7tO59KvR

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from FTP clients, web browsers and mail clients, posts them to its command-and-control server, and is frequently used as a loader for follow-on malware.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which keeps saved server credentials in sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile stores, which hold saved logins, cookies, autofill data and session tokens.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Reads mail account settings from the Outlook profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles (and the legacy Windows Messaging Subsystem\Profiles key), where stored mail server credentials live.

    • Checks installed software on the system

      Enumerates the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to inventory installed applications, typically to learn which clients' credential stores are present and to fingerprint the host.
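As an added example (not part of this report and not the sample's own code), the following Python maps file and registry access events from a sandbox or EDR trace onto the behaviours listed above, so an analyst can separate a process that legitimately touches one store (a browser reading its own Login Data) from one that sweeps FTP, browser, mail and inventory data in a single run. The event records are constructed for the example; the artefact locations are the well-known ones for FileZilla, Total Commander, Firefox, Chrome, Outlook and the Uninstall key, and the two-signature threshold in `suspicious_pids` is an assumed tuning value.

```python
"""Map file/registry access events onto the credential-theft behaviours
listed in the report (FTP client configs, browser profile data, Outlook
profiles, Uninstall key enumeration) and flag processes that hit several
of them at once.

Example code only: the events below are constructed, not taken from the
sandbox run, and the artefact paths are the tools' documented locations.
"""
import re
from collections import defaultdict

# Full hive names are abbreviated before matching so HKEY_CURRENT_USER\...
# and HKCU\... are treated identically.
HIVE_ALIASES = {
    "hkey_current_user": "hkcu",
    "hkey_local_machine": "hklm",
    "hkey_users": "hku",
}

# One entry per report signature; each regex is matched against a
# lower-cased, backslash-normalised path.
SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"\\filezilla\\(sitemanager|recentservers)\.xml$",   # %APPDATA%\FileZilla
        r"\\ghisler\\wcx_ftp\.ini$",                          # Total Commander FTP sites
    ],
    "Reads user/profile data of web browsers": [
        r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
        r"\\google\\chrome\\user data\\.*\\(login data|cookies|web data)$",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"^hkcu\\software\\microsoft\\office\\\d+\.\d+\\outlook\\profiles(\\|$)",
        r"^hkcu\\software\\microsoft\\windows nt\\currentversion\\windows messaging subsystem\\profiles(\\|$)",
    ],
    "Checks installed software on the system": [
        r"^hklm\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)",
    ],
}


def normalise(path: str) -> str:
    """Lower-case, use backslashes throughout and abbreviate registry hives."""
    p = path.strip().replace("/", "\\").lower()
    head, sep, tail = p.partition("\\")
    return HIVE_ALIASES.get(head, head) + sep + tail


def classify(events):
    """Return {pid: {signature_name: [original paths]}} for every event
    whose path matches one of the signature patterns."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        path = normalise(ev["path"])
        for name, patterns in SIGNATURES.items():
            if any(re.search(pat, path) for pat in patterns):
                hits[ev["pid"]][name].append(ev["path"])
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def suspicious_pids(events, min_signatures=2):
    """PIDs that trip at least `min_signatures` distinct signatures.
    A single hit is normal (a browser reads its own password store); a
    process that reads FTP, browser and mail stores together is not.
    The threshold of 2 is an assumed tuning value."""
    return sorted(pid for pid, sigs in classify(events).items()
                  if len(sigs) >= min_signatures)


# Constructed sample trace: pid 1234 behaves like the stealer, 5678 is a
# browser reading its own store, 9012 is unrelated.
SAMPLE_EVENTS = [
    {"pid": 1234, "op": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 1234, "op": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"},
    {"pid": 1234, "op": "reg_open",
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 1234, "op": "reg_enum",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 5678, "op": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 9012, "op": "file_read",
     "path": r"C:\Windows\System32\kernel32.dll"},
]


if __name__ == "__main__":
    for pid, sigs in classify(SAMPLE_EVENTS).items():
        print(pid, sorted(sigs))
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

Run against the constructed trace, only pid 1234 is reported, because it is the only process that touches more than one credential store; tuning `min_signatures` and the pattern lists to the environment (for example adding the other FTP and mail clients present on the estate) is the practical work when turning this into a detection.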

MITRE ATT&CK Enterprise v6

Tasks