General
-
Target
1680f22f6e582b9b81854a88f7eac3ebcb4420568f62cc5486fb3c8284681d91
-
Size
132KB
-
Sample
221001-21f93acchn
-
MD5
6c6299ccb86ac40a5c5dde661d18eff0
-
SHA1
42e1b58f90602e010a748b2188e76012fe145c85
-
SHA256
1680f22f6e582b9b81854a88f7eac3ebcb4420568f62cc5486fb3c8284681d91
-
SHA512
6890e03d31dc4875a565f64536a975919c211f61049bc31878ad5463f3fde8f2033702710691bd404c91d18b5e195d385e49ed2e5885b779a852cb42379afd97
-
SSDEEP
3072:NZUhuWtOW9JDxlfZWL2L2PC94jax3gQaVlheP:suWJ9J97k2L2PCejax3xaeP
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://mobileincomeopportunities.com/forum/viewtopic.php
http://mobiletextopportunity.com/forum/viewtopic.php
-
payload_url
http://workingschool.dk/ix3NbS2.exe
http://briteplc.com/1K6CsgNN.exe
http://rigbers.de/RCKcJp.exe
Targets
-
-
Target
1680f22f6e582b9b81854a88f7eac3ebcb4420568f62cc5486fb3c8284681d91
-
Size
132KB
-
MD5
6c6299ccb86ac40a5c5dde661d18eff0
-
SHA1
42e1b58f90602e010a748b2188e76012fe145c85
-
SHA256
1680f22f6e582b9b81854a88f7eac3ebcb4420568f62cc5486fb3c8284681d91
-
SHA512
6890e03d31dc4875a565f64536a975919c211f61049bc31878ad5463f3fde8f2033702710691bd404c91d18b5e195d385e49ed2e5885b779a852cb42379afd97
-
SSDEEP
3072:NZUhuWtOW9JDxlfZWL2L2PC94jax3gQaVlheP:suWJ9J97k2L2PCejax3xaeP
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-