General
-
Target
cb2e1d1d944f5eeabebe9ca9a111ca8d709774147ecaf6faadb885731792358c.exe
-
Size
196KB
-
Sample
210714-52zghev2e6
-
MD5
d72b77266894e5e723fe7504ec9b6c52
-
SHA1
c78f52e769b57c932b36796f92f386282c9d1171
-
SHA256
cb2e1d1d944f5eeabebe9ca9a111ca8d709774147ecaf6faadb885731792358c
-
SHA512
518044257a87e3e6f1506979bd18911a9db21bbd0be634d57942ba801a70a78f38d7e53a48be57f0c1086b70e859e131eab6511fa31c9c43abfa86a489f619a1
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://66.175.211.144/pony/gate.php
-
payload_url
http://woofandme.com/V9DwYJtb/Gep.exe
Targets
-
-
Target
cb2e1d1d944f5eeabebe9ca9a111ca8d709774147ecaf6faadb885731792358c.exe
-
Size
196KB
-
MD5
d72b77266894e5e723fe7504ec9b6c52
-
SHA1
c78f52e769b57c932b36796f92f386282c9d1171
-
SHA256
cb2e1d1d944f5eeabebe9ca9a111ca8d709774147ecaf6faadb885731792358c
-
SHA512
518044257a87e3e6f1506979bd18911a9db21bbd0be634d57942ba801a70a78f38d7e53a48be57f0c1086b70e859e131eab6511fa31c9c43abfa86a489f619a1
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-