General
-
Target
d2f78d1bba5d66b7b8e70782ccf8374643c196522ff7c9b7521051f2be568b0c
-
Size
1.2MB
-
Sample
221205-w8w3lahd91
-
MD5
0dba0d1e7ef16defe25558459127884a
-
SHA1
a14cd530199651af5d734edf98e7aad24c0d4897
-
SHA256
d2f78d1bba5d66b7b8e70782ccf8374643c196522ff7c9b7521051f2be568b0c
-
SHA512
ebb69460175eaac2c347889eff68b32b232ba4eb2b2460ad6b922a790786c854ab8a88b89dc56146ecd2f7cf7af3bd5137846c850be1a0055a068ca99c50cc10
-
SSDEEP
24576:7GTPkoVS58mFzvcevFHxRPzs/Qyk0tXkRV9N:7GTsR5TFTvtHTPY/pk01CT
Malware Config
Targets
-
-
Target
d2f78d1bba5d66b7b8e70782ccf8374643c196522ff7c9b7521051f2be568b0c
-
Size
1.2MB
-
MD5
0dba0d1e7ef16defe25558459127884a
-
SHA1
a14cd530199651af5d734edf98e7aad24c0d4897
-
SHA256
d2f78d1bba5d66b7b8e70782ccf8374643c196522ff7c9b7521051f2be568b0c
-
SHA512
ebb69460175eaac2c347889eff68b32b232ba4eb2b2460ad6b922a790786c854ab8a88b89dc56146ecd2f7cf7af3bd5137846c850be1a0055a068ca99c50cc10
-
SSDEEP
24576:7GTPkoVS58mFzvcevFHxRPzs/Qyk0tXkRV9N:7GTsR5TFTvtHTPY/pk01CT
Score10/10-
Modifies security service
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-