General

  • Target

    B9CFACCE31AC73F06FE0F6ED3393024FD2503881FF7DB.exe

  • Size

    196KB

  • Sample

    210718-9vbpvm28se

  • MD5

    469a2bd68eec3b9262aae35bbdc51dba

  • SHA1

    0743e88065be5e5cb8a4abe6774296c5d10dd2c7

  • SHA256

    b9cfacce31ac73f06fe0f6ed3393024fd2503881ff7dba105031a1fd0c932083

  • SHA512

    a8eabdd519502a34d5bfbde06921409830d94f7be73a667ab538722eb7d4ac6a13f466dd1ba4f0e2783bccde8a43b4eaf2e17faecc37107260068a5e3e71ccac

Malware Config (extracted)

  • Family

    pony

  • C2

    http://nelson.shiponka.com.de/panel/gate.php

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (3)

  • Discovery: Query Registry, T1012 (1)

  • Collection: Data from Local System, T1005 (3)