General
-
Target
5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3.zip
-
Size
33KB
-
Sample
230523-srwhysfh43
-
MD5
af2e920329889dbc59082f7fbb5d2944
-
SHA1
a8479bbdf0c34868ba2387f9049d9d6938da50a7
-
SHA256
d7371019f0e805318d7e7f1e27e782a2a30c8dfb1b7915b7a721a82746f0b67f
-
SHA512
d1ca5ab19aec33dfc0431c98be53498faad0432c55e02d375d0a0cdfe9119e15a0e62872c8f89b26a32e67c72427776348944fa5e53630eac533f7b4a3415b30
-
SSDEEP
768:Fo+PPY4rFEVWDM1S17X7sia+MEmVPXfEOOAzb:Fo+PPYBWDeQsi1wdXcOOE
Malware Config
Targets
-
-
Target
5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3
-
Size
68KB
-
MD5
0e9a211f76500fcb3f47f4ea3c94b1c5
-
SHA1
f92f1d121642844b1dab7eee204aa83a5ee0a1e2
-
SHA256
5942a02bc0a0e32875bc71e9a678b065d5f0e144938467a3590ba884884153d3
-
SHA512
15ccb1a92f48bcbd5b9043b9dc275170030a73ad5ffc9e55550a32cf3f2ac3379dc65b95851ec9c5bd643093b28f37dbb41fe2319af374a725e83a7a1870d76f
-
SSDEEP
1536:BlYfWdaqTjOnvQ6xSqb1L/8TOAEvvbkzLA/vZd/:Hyaj6xS01L/IOAU/vZ
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-