General

  • Target

    4faa212fecafab7906c9d0a461cb5bb2847b3a66f9e19e0e5c67ea8e9c90bf5d

  • Size

    285KB

  • Sample

    221119-vfykaafb4v

  • MD5

    43b38c09d2758614f16e67624c4773a6

  • SHA1

    3ef014b1d7ce8d1c735754380bc887400395f6ea

  • SHA256

    4faa212fecafab7906c9d0a461cb5bb2847b3a66f9e19e0e5c67ea8e9c90bf5d

  • SHA512

    29d21c5ee958c3f808077baed8aaadcef2926e59c65c2061269cb8e5a1f033dd36ccb21266bbb4bb09836648c4da0241761d4cbc711d5fe3140f8582e4592f76

  • SSDEEP

    6144:kY16JhBit/tmzEnxhC4wUFr+9C4JqsTZ3BwGoYm4u0QFWeH:taBitjwUFr+/qsThBw9350c

Malware Config

Targets

    • Target

      4faa212fecafab7906c9d0a461cb5bb2847b3a66f9e19e0e5c67ea8e9c90bf5d

    • Size

      285KB

    • MD5

      43b38c09d2758614f16e67624c4773a6

    • SHA1

      3ef014b1d7ce8d1c735754380bc887400395f6ea

    • SHA256

      4faa212fecafab7906c9d0a461cb5bb2847b3a66f9e19e0e5c67ea8e9c90bf5d

    • SHA512

      29d21c5ee958c3f808077baed8aaadcef2926e59c65c2061269cb8e5a1f033dd36ccb21266bbb4bb09836648c4da0241761d4cbc711d5fe3140f8582e4592f76

    • SSDEEP

      6144:kY16JhBit/tmzEnxhC4wUFr+9C4JqsTZ3BwGoYm4u0QFWeH:taBitjwUFr+/qsThBw9350c

    • Modifies security service

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks