General
-
Target
276db1f77e846974dc82bb3754aff65d.exe
-
Size
263KB
-
Sample
240105-n6h4ysbdcl
-
MD5
276db1f77e846974dc82bb3754aff65d
-
SHA1
c20077e42be5351069c49cb6989d76d74169e777
-
SHA256
5a7a915498f8da66026fe8dfd6f5cada62b8804c2678fbeb78c7bce666d644a6
-
SHA512
cc53938cb2a94375f83cfa65302af27bde1c58244540aaf0a31812ccf227651c6b3a08cce70dce556269aacc009382e18b6e5e963f05ddba4e880cf0c289917e
-
SSDEEP
6144:Sy5/LVNQhyZUbTeCHrvDeWCW5d5zCqoF3igW+irObnxSKtaN4cps:fQhyZwCCHTAWH5CqokgOrObxSeaFm
Malware Config
Targets
-
-
Target
276db1f77e846974dc82bb3754aff65d.exe
-
Size
263KB
-
MD5
276db1f77e846974dc82bb3754aff65d
-
SHA1
c20077e42be5351069c49cb6989d76d74169e777
-
SHA256
5a7a915498f8da66026fe8dfd6f5cada62b8804c2678fbeb78c7bce666d644a6
-
SHA512
cc53938cb2a94375f83cfa65302af27bde1c58244540aaf0a31812ccf227651c6b3a08cce70dce556269aacc009382e18b6e5e963f05ddba4e880cf0c289917e
-
SSDEEP
6144:Sy5/LVNQhyZUbTeCHrvDeWCW5d5zCqoF3igW+irObnxSKtaN4cps:fQhyZwCCHTAWH5CqokgOrObxSeaFm
Score10/10-
Modifies security service
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Disables taskbar notifications via registry modification
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1