General

  • Target

    96c034f23a9bfd8c3044f454bf2f74d5174c571b6a5fd5ac96f426113433e2d3

  • Size

    38KB

  • Sample

    221123-lv7bascd52

  • MD5

    830be84bd225baa862e7b2014568dca6

  • SHA1

    6fed6b21e0aabea68f7ec6447724fd93878aa748

  • SHA256

    96c034f23a9bfd8c3044f454bf2f74d5174c571b6a5fd5ac96f426113433e2d3

  • SHA512

    d140001369f8cb8087e99cb3678fa4b1e7092040dd68ee8909c5ba16486644fb948d651e919de447d09f53320237c5b9bdcbc2a1ebbb331ee449d8c96c30e122

  • SSDEEP

    768:NygRaEIn1FgRaBGRUWmRx6W1rL+3fkZBdXqaBxkSYSmnbcuyD7U:NjgrW8MG2MrL+3fkXJLCSJmnouy8

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks