Analysis
-
max time kernel
119s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
28-11-2022 04:29
General
-
Target
114d45311d7fd18128a56337f6ec3c1821d5c3de4ec240a42ad5ef3e7df5a91a.exe
-
Size
81KB
-
MD5
336658eb06d781076327f7af93ead41d
-
SHA1
2141f47edf6b82ccea4b29964b10341953ca5852
-
SHA256
114d45311d7fd18128a56337f6ec3c1821d5c3de4ec240a42ad5ef3e7df5a91a
-
SHA512
7af16c09cbfde72a38437d9ef41ee71650f08f5b9c38d6d0a0f0b515c740978b5b5e15386a7b506e24220ba8f2813b14566184aab5e0b9d1d8a386dd40237ef1
-
SSDEEP
1536:06/W/jqTJldK7DjWN5YvAbnoD72egkjOppEFjkzmPA:9YkgWN5YHzOppEF7PA
Malware Config
Signatures
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
-
Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of AdjustPrivilegeToken 32 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\114d45311d7fd18128a56337f6ec3c1821d5c3de4ec240a42ad5ef3e7df5a91a.exe"C:\Users\Admin\AppData\Local\Temp\114d45311d7fd18128a56337f6ec3c1821d5c3de4ec240a42ad5ef3e7df5a91a.exe"1⤵
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of AdjustPrivilegeToken
- outlook_win_path
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1000-54-0x0000000075441000-0x0000000075443000-memory.dmpFilesize
8KB