General
-
Target
df9c3099dfb96c95d7bf6784548d292037fd9d5bfdf3f613320b1804bddec7bd
-
Size
126KB
-
Sample
221001-12acgahea2
-
MD5
74b1829ed9297e1c3b0b8d4f41562690
-
SHA1
1dd11d354af9ed25c4529c28dc7ba4a1a8f3ab97
-
SHA256
df9c3099dfb96c95d7bf6784548d292037fd9d5bfdf3f613320b1804bddec7bd
-
SHA512
9b8ceb6c9691f1790f8b6090815dd29aee877e83c14551d4badf1a99cb49ed88386e8044e253f92f713a3d8d7467fc5a1fa99c80d3236da2d59215e4a638a324
-
SSDEEP
3072:PAk8K4Od5DluGD15Scz5kJl/kgd9hcXD6Zz:r8c9lXHz5kXDeD4z
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://whereweplaying.com/forum/viewtopic.php
http://reubenpacheco.tv/forum/viewtopic.php
http://sherman-oaks-condos-for-sale.com/forum/viewtopic.php
-
payload_url
http://bartenderreview.com/VGJ5jE7i.exe
http://applehospital.com/nHuGh31.exe
http://scambio.meloni.it/di7Uag.exe
Targets
-
-
Target
df9c3099dfb96c95d7bf6784548d292037fd9d5bfdf3f613320b1804bddec7bd
-
Size
126KB
-
MD5
74b1829ed9297e1c3b0b8d4f41562690
-
SHA1
1dd11d354af9ed25c4529c28dc7ba4a1a8f3ab97
-
SHA256
df9c3099dfb96c95d7bf6784548d292037fd9d5bfdf3f613320b1804bddec7bd
-
SHA512
9b8ceb6c9691f1790f8b6090815dd29aee877e83c14551d4badf1a99cb49ed88386e8044e253f92f713a3d8d7467fc5a1fa99c80d3236da2d59215e4a638a324
-
SSDEEP
3072:PAk8K4Od5DluGD15Scz5kJl/kgd9hcXD6Zz:r8c9lXHz5kXDeD4z
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-