General
-
Target
9446c8e8032b1b19d9bbbdd03dd71fd2
-
Size
91KB
-
Sample
240206-kj7bgsdgdn
-
MD5
9446c8e8032b1b19d9bbbdd03dd71fd2
-
SHA1
cbde1b3e0b4fe0ba557b7c6c084d993482f1dea3
-
SHA256
dd2a2fd966f79a518770b73c2a1930f788ac59cfaa69e41fa02e300073c88e64
-
SHA512
2ecf8aa21983ead52d5d15e20290244a9fad9e52bdeeeded4e73f7bdd6a58fba3d67f6dabbec241ae39a57ab0f299362c845bc35375370158849e517c0cf8f4c
-
SSDEEP
1536:IUtDZdXGI3JQT9Mx/z/w59m6Vm+f/jjB8p3gmgiTfQ+0v+M1gCtmlgTxcvRkiaLC:IUtDrXzC9MZT2Df/jqBgmgiTflgbgVR7
Malware Config
Targets
-
-
Target
9446c8e8032b1b19d9bbbdd03dd71fd2
-
Size
91KB
-
MD5
9446c8e8032b1b19d9bbbdd03dd71fd2
-
SHA1
cbde1b3e0b4fe0ba557b7c6c084d993482f1dea3
-
SHA256
dd2a2fd966f79a518770b73c2a1930f788ac59cfaa69e41fa02e300073c88e64
-
SHA512
2ecf8aa21983ead52d5d15e20290244a9fad9e52bdeeeded4e73f7bdd6a58fba3d67f6dabbec241ae39a57ab0f299362c845bc35375370158849e517c0cf8f4c
-
SSDEEP
1536:IUtDZdXGI3JQT9Mx/z/w59m6Vm+f/jjB8p3gmgiTfQ+0v+M1gCtmlgTxcvRkiaLC:IUtDrXzC9MZT2Df/jqBgmgiTflgbgVR7
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-