General
-
Target
d299f018b08ae060918ebd7f272370bef47b4c1f2298286081cf284031a18232
-
Size
655KB
-
Sample
221123-vjnt9ahb76
-
MD5
45cf2906c13122a31550155262b97fb1
-
SHA1
be018f70e580b218c405a689497fc6bcb20f74fb
-
SHA256
d299f018b08ae060918ebd7f272370bef47b4c1f2298286081cf284031a18232
-
SHA512
addee8d3212e7e7d304a68a6cc012c3c731305766e9349832f65acebe1c2a0754927fcc3cc96bd9df33ab0eb9fbbf2818c79d9ed157cb40d19b8fba4386345bc
-
SSDEEP
12288:/ESqJwbBEE+tOiDc2xwlqXs4zUmvycM6xgNyJ6DsZuhEP60dIIFazZyun23:/EdYj+jDc21lz/VnxgAJxuOCciZzE
Malware Config
Targets
-
-
Target
d299f018b08ae060918ebd7f272370bef47b4c1f2298286081cf284031a18232
-
Size
655KB
-
MD5
45cf2906c13122a31550155262b97fb1
-
SHA1
be018f70e580b218c405a689497fc6bcb20f74fb
-
SHA256
d299f018b08ae060918ebd7f272370bef47b4c1f2298286081cf284031a18232
-
SHA512
addee8d3212e7e7d304a68a6cc012c3c731305766e9349832f65acebe1c2a0754927fcc3cc96bd9df33ab0eb9fbbf2818c79d9ed157cb40d19b8fba4386345bc
-
SSDEEP
12288:/ESqJwbBEE+tOiDc2xwlqXs4zUmvycM6xgNyJ6DsZuhEP60dIIFazZyun23:/EdYj+jDc21lz/VnxgAJxuOCciZzE
Score10/10-
Modifies security service
-
Modifies visiblity of hidden/system files in Explorer
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-