General
-
Target
0510000af8061b614dd91e3dbdba8a1c2f0c12804b4c8ad2643190b28e4035e8
-
Size
285KB
-
Sample
221201-g3rtcsfd2y
-
MD5
12ce1559edf018904095a5d90ee57e30
-
SHA1
5eac39a381d660b5bdd966827ed58eb201ff012a
-
SHA256
0510000af8061b614dd91e3dbdba8a1c2f0c12804b4c8ad2643190b28e4035e8
-
SHA512
ab94a4799451695fe4e17cdcc6888fea9e6f8c5498ab7c4b521c95a5a81645e3c5a027fe94578a34589aecf1c65745912db188b0796956f8e111b331378fd9be
-
SSDEEP
6144:BmZFO5wodOB3uLoZvOfM7dy/e1y34N5EKAYlAUVL3MbjnAfi2I:BmZFvBvToT4oKA1U2bjsI
Malware Config
Targets
-
-
Target
0510000af8061b614dd91e3dbdba8a1c2f0c12804b4c8ad2643190b28e4035e8
-
Size
285KB
-
MD5
12ce1559edf018904095a5d90ee57e30
-
SHA1
5eac39a381d660b5bdd966827ed58eb201ff012a
-
SHA256
0510000af8061b614dd91e3dbdba8a1c2f0c12804b4c8ad2643190b28e4035e8
-
SHA512
ab94a4799451695fe4e17cdcc6888fea9e6f8c5498ab7c4b521c95a5a81645e3c5a027fe94578a34589aecf1c65745912db188b0796956f8e111b331378fd9be
-
SSDEEP
6144:BmZFO5wodOB3uLoZvOfM7dy/e1y34N5EKAYlAUVL3MbjnAfi2I:BmZFvBvToT4oKA1U2bjsI
Score10/10-
Modifies security service
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-