General
-
Target
e97220a6a00e0a871c10ea1625788f4959247bb3a8bb658540d9b516ec9de8dd
-
Size
277KB
-
Sample
221127-lrxyfsca8t
-
MD5
063cc2a3a291a25d7caaadce29b92204
-
SHA1
1e6fe9fda04c90db08a97e6655cfd9552b343376
-
SHA256
e97220a6a00e0a871c10ea1625788f4959247bb3a8bb658540d9b516ec9de8dd
-
SHA512
e0f4f4b05df77f8522070e62fa0ce95b4d5690159a3a62054ad9e07dd2e70deea91e87be8445f710e856132b64ab78dcba168db2b834c52e00beff85d22a110f
-
SSDEEP
6144:i3oyNOD+0vX9BEF5Cb/b7PqwhYNDPNZupAutRv/NfCXI7X:moF9A5CDzeDupPtRv/NK4
Malware Config
Targets
-
-
Target
e97220a6a00e0a871c10ea1625788f4959247bb3a8bb658540d9b516ec9de8dd
-
Size
277KB
-
MD5
063cc2a3a291a25d7caaadce29b92204
-
SHA1
1e6fe9fda04c90db08a97e6655cfd9552b343376
-
SHA256
e97220a6a00e0a871c10ea1625788f4959247bb3a8bb658540d9b516ec9de8dd
-
SHA512
e0f4f4b05df77f8522070e62fa0ce95b4d5690159a3a62054ad9e07dd2e70deea91e87be8445f710e856132b64ab78dcba168db2b834c52e00beff85d22a110f
-
SSDEEP
6144:i3oyNOD+0vX9BEF5Cb/b7PqwhYNDPNZupAutRv/NfCXI7X:moF9A5CDzeDupPtRv/NK4
Score10/10-
Modifies security service
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-