General

  • Target

    4a9ea43aee843ecda435a0cde47dc7f639bbda94d0a133157978b67dfc4d2013

  • Size

    163KB

  • Sample

    221120-ks5t1seg58

  • MD5

    139f538e66b447319f23843017388a70

  • SHA1

    5ece06fce20bac90edf8900ea5232647aaff0e80

  • SHA256

    4a9ea43aee843ecda435a0cde47dc7f639bbda94d0a133157978b67dfc4d2013

  • SHA512

    69773d8c484cd40fa906c30a30e8574350851e885e8e3d257e2237a35271bb6390c5dc70099b4953245a6b1526dd1edd10a0d289517bbf9eed7b1f916f64fc59

  • SSDEEP

    3072:fozhzwk+275ip/ODZXf3CcCTjLACItGV5Fjn5Elrb:Lf275ip/2ZXPKT3AC+GVrsr

Malware Config

Targets

  • Pony, Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and similar secrets.

  • Accesses Microsoft Outlook accounts

  • Accesses Microsoft Outlook profiles

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks