General
-
Target
27d85a395aef2dbd3bd3406a96651a4602483ab1a0cf8c95def0007742ccb754
-
Size
287KB
-
Sample
221204-m1vp5acb44
-
MD5
043561f1837fae197aea41280e0e6350
-
SHA1
04db1bbf34a8ba926e430de6f447066707b66fd8
-
SHA256
27d85a395aef2dbd3bd3406a96651a4602483ab1a0cf8c95def0007742ccb754
-
SHA512
2cbc2eb024869eb6e636ffd5eed0f2dc7259c0adaef1e56862d52040d6723764dc24b3d10d1aa8d4ae7fb7d4eb4bd6d0a19fc790dadd3d43c9293500833e5913
-
SSDEEP
6144:HYdTOd+1ig3XO+UVLJrhwQns3879dj1Ur8RoD3tKXw:HYdKd+1RgVLxdj1UwRhXw
Malware Config
Targets
-
-
Target
27d85a395aef2dbd3bd3406a96651a4602483ab1a0cf8c95def0007742ccb754
-
Size
287KB
-
MD5
043561f1837fae197aea41280e0e6350
-
SHA1
04db1bbf34a8ba926e430de6f447066707b66fd8
-
SHA256
27d85a395aef2dbd3bd3406a96651a4602483ab1a0cf8c95def0007742ccb754
-
SHA512
2cbc2eb024869eb6e636ffd5eed0f2dc7259c0adaef1e56862d52040d6723764dc24b3d10d1aa8d4ae7fb7d4eb4bd6d0a19fc790dadd3d43c9293500833e5913
-
SSDEEP
6144:HYdTOd+1ig3XO+UVLJrhwQns3879dj1Ur8RoD3tKXw:HYdKd+1RgVLxdj1UwRhXw
Score10/10-
Modifies security service
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-