General
-
Target
59d67d15947c1a3aa74be72acae28f06
-
Size
91KB
-
Sample
240114-a4twsahhg3
-
MD5
59d67d15947c1a3aa74be72acae28f06
-
SHA1
485f49d4678297e13c45e5db50a838f25395d016
-
SHA256
afeb8c143f41db59cce375f24e5a42c71039662770107de705d8581e1f4182de
-
SHA512
167c323cef1e4525d33caa66e70e73747a14f431e3d8124bf6a43e13d22178c733b8dcc6511e15a9a0a600a016dc218fa2112d1d77877b5642ecd0f7d25c96f9
-
SSDEEP
1536:PcP0dAXzppuzDGC3ItBgM6112sHSc5tA8l6+5dqckhuOvce9jIKC2aUUn/M6Ddb:PcMdAX1kABgjHScfA83WckhuO99jIwtn
Malware Config
Targets
-
-
Target
59d67d15947c1a3aa74be72acae28f06
-
Size
91KB
-
MD5
59d67d15947c1a3aa74be72acae28f06
-
SHA1
485f49d4678297e13c45e5db50a838f25395d016
-
SHA256
afeb8c143f41db59cce375f24e5a42c71039662770107de705d8581e1f4182de
-
SHA512
167c323cef1e4525d33caa66e70e73747a14f431e3d8124bf6a43e13d22178c733b8dcc6511e15a9a0a600a016dc218fa2112d1d77877b5642ecd0f7d25c96f9
-
SSDEEP
1536:PcP0dAXzppuzDGC3ItBgM6112sHSc5tA8l6+5dqckhuOvce9jIKC2aUUn/M6Ddb:PcMdAX1kABgjHScfA83WckhuO99jIwtn
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-