General
-
Target
e9c6269ed9364634f63c9d1b10e64b80719a92b818fa7b42a9447cad3c177d5d
-
Size
114KB
-
Sample
221002-n3tfhsdhf7
-
MD5
6aff759806e90106342b82dda56e9d60
-
SHA1
ffc02e344c970aef3053586b8681c6d991fdfe2f
-
SHA256
e9c6269ed9364634f63c9d1b10e64b80719a92b818fa7b42a9447cad3c177d5d
-
SHA512
399a0467a437faf7996ae70875c11e1e8f7cd9c0fd9529aa9e167d7e207453d510f25fbe1db15fa674d0682673b02761a69ac98690f0652397cb517e98f982cd
-
SSDEEP
3072:uWVzJB1w71Yi1hNBPRY090pahtrIm2AgEUMR:uG9wD1/QRmt0mqv
Malware Config
Extracted
pony
http://dine4diabetes.com/ponyb/gate.php
http://diningfordiabetes.com/ponyb/gate.php
http://foodiesforacure.com/ponyb/gate.php
http://jtmccarter.com/ponyb/gate.php
-
payload_url
http://ebaa.daa.jp/A8HFWqy.exe
http://www.ekko-snakker.de/n9m.exe
http://plugwise.gr/VN15ik02.exe
http://fanpageserver.info/PhFJ.exe
Targets
-
-
Target
e9c6269ed9364634f63c9d1b10e64b80719a92b818fa7b42a9447cad3c177d5d
-
Size
114KB
-
MD5
6aff759806e90106342b82dda56e9d60
-
SHA1
ffc02e344c970aef3053586b8681c6d991fdfe2f
-
SHA256
e9c6269ed9364634f63c9d1b10e64b80719a92b818fa7b42a9447cad3c177d5d
-
SHA512
399a0467a437faf7996ae70875c11e1e8f7cd9c0fd9529aa9e167d7e207453d510f25fbe1db15fa674d0682673b02761a69ac98690f0652397cb517e98f982cd
-
SSDEEP
3072:uWVzJB1w71Yi1hNBPRY090pahtrIm2AgEUMR:uG9wD1/QRmt0mqv
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-