General

  • Target

    1a2d07171434b8c5847d1acc5b2775d4fe1877a54de5859770913f0e1d3fa479.exe

  • Size

    1.1MB

  • Sample

    241217-3qx1hatrfj

  • MD5

    a370612620a69cfb69fefeb2459d1817

  • SHA1

    45f2bff68eb1698175baab3bd264e635ee7b31d2

  • SHA256

    1a2d07171434b8c5847d1acc5b2775d4fe1877a54de5859770913f0e1d3fa479

  • SHA512

    24ed89ec784e4adbf842197f1025f3895deff48cb6a3d68e47978f039608c8036b8dbc5fa15b3f50ea99287e9b958dca5e1d263307302ab29fc60a4d7f405c89

  • SSDEEP

    24576:SgocyX3+Qit40VVnNfy+CWD+rjxfbVOhj1BY+:+puQq40VVNawDWzsNY+

Malware Config

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • UAC bypass

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
