General
-
Target
58ba6b0d6ca5b907b74596a369b37009ead8cc97c602d8d509e00fca5a9565d1
-
Size
131KB
-
Sample
221128-e4mvpaag6s
-
MD5
7007074b2b11bb8a6bf0f82104722572
-
SHA1
a8f37c9d6e83c01c3959ab162f6af0e6db398c15
-
SHA256
58ba6b0d6ca5b907b74596a369b37009ead8cc97c602d8d509e00fca5a9565d1
-
SHA512
e14d76f4f79b26af89e684aa31afb56784c60d03c230961db25d5d656643c8412cf455d54ddcb689887a67618c240c0d0c320263c8b52c0095dca16b058ce732
-
SSDEEP
1536:RU4vpHnfw6ejgDH+p56AgiXMYe+bHhwif5IoCVJGndAfYO5SXlCkvzPBwrW9e55y:RVv4MepQhvI3KoCzGdAh5WlCI1e55P+d
Malware Config
Targets
-
-
Target
58ba6b0d6ca5b907b74596a369b37009ead8cc97c602d8d509e00fca5a9565d1
-
Size
131KB
-
MD5
7007074b2b11bb8a6bf0f82104722572
-
SHA1
a8f37c9d6e83c01c3959ab162f6af0e6db398c15
-
SHA256
58ba6b0d6ca5b907b74596a369b37009ead8cc97c602d8d509e00fca5a9565d1
-
SHA512
e14d76f4f79b26af89e684aa31afb56784c60d03c230961db25d5d656643c8412cf455d54ddcb689887a67618c240c0d0c320263c8b52c0095dca16b058ce732
-
SSDEEP
1536:RU4vpHnfw6ejgDH+p56AgiXMYe+bHhwif5IoCVJGndAfYO5SXlCkvzPBwrW9e55y:RVv4MepQhvI3KoCzGdAh5WlCI1e55P+d
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-