General
-
Target
b7c5c6d942e93d38b8ed16d04526050fd621fdb2c7ea9f0789446949653812da.exe
-
Size
252KB
-
Sample
220521-yhz3nsdae8
-
MD5
0415e9e8594c110db1532e194f1e66ec
-
SHA1
e6116ee06369e9229338eecee908d0da11900233
-
SHA256
b7c5c6d942e93d38b8ed16d04526050fd621fdb2c7ea9f0789446949653812da
-
SHA512
ded09b9b1faf0dd263c4a713c8f1ae92a6b3f83505efeeea7a7a704a3dd4edeb97aad836702f340e765812eda557973922fc47c2d21d18098881ec7e52c7908b
Malware Config
Extracted
pony
http://limpix.usa.cc/ml/vrs/sly17/pny/2/panel/gate.php
Targets
-
-
Target
b7c5c6d942e93d38b8ed16d04526050fd621fdb2c7ea9f0789446949653812da.exe
-
Size
252KB
-
MD5
0415e9e8594c110db1532e194f1e66ec
-
SHA1
e6116ee06369e9229338eecee908d0da11900233
-
SHA256
b7c5c6d942e93d38b8ed16d04526050fd621fdb2c7ea9f0789446949653812da
-
SHA512
ded09b9b1faf0dd263c4a713c8f1ae92a6b3f83505efeeea7a7a704a3dd4edeb97aad836702f340e765812eda557973922fc47c2d21d18098881ec7e52c7908b
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-