General
-
Target
4826e3b7b75346cc1e5f8749b64c2fc157b8a6ea9960443c2f673c0755058b22.exe
-
Size
168KB
-
Sample
220521-yhyjvagbhp
-
MD5
2126e1141639d3f1c212eedd90e42411
-
SHA1
7e53037d6156a8363d3348c20be1525a816344a1
-
SHA256
4826e3b7b75346cc1e5f8749b64c2fc157b8a6ea9960443c2f673c0755058b22
-
SHA512
9d535798a03ba72641051a172104bbe21d6fe9cb02919fc74d8388853b19ab7b9ed88ddd58091f5d11866d2ecf07b6123f203a294b1443acf47cc4eac12abe0d
Malware Config
Extracted
pony
http://cp.saol.com/cgi_bins/team/panel/gate.php
Targets
-
-
Target
4826e3b7b75346cc1e5f8749b64c2fc157b8a6ea9960443c2f673c0755058b22.exe
-
Size
168KB
-
MD5
2126e1141639d3f1c212eedd90e42411
-
SHA1
7e53037d6156a8363d3348c20be1525a816344a1
-
SHA256
4826e3b7b75346cc1e5f8749b64c2fc157b8a6ea9960443c2f673c0755058b22
-
SHA512
9d535798a03ba72641051a172104bbe21d6fe9cb02919fc74d8388853b19ab7b9ed88ddd58091f5d11866d2ecf07b6123f203a294b1443acf47cc4eac12abe0d
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-