General
-
Target
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
Size
97KB
-
Sample
221002-ppqcdagebj
-
MD5
6dc5205c6a0ea14696361bdb4c7d0930
-
SHA1
211235345685a17dbf052775c06ba8ab6732823e
-
SHA256
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
SHA512
643ceb1d84d5c4d0b9f92a7539b5fed6f739a7b47a16d01277ff544a8ea55ab9c9ffc0484a6beb04253bd27ea04f522fd662cfcc982a015a606348e0377b24e9
-
SSDEEP
1536:tgLSZJP3QDk6pa2MHUOvleaUmVnN4Pvwjdjuio31D3fQQQfI:tgLSLPZ680OvlesrmIjdjXolD3YZfI
Malware Config
Extracted
pony
http://ksleak.info:4915/pic/staff.php
http://ktagty.info:4915/pic/staff.php
Targets
-
-
Target
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
Size
97KB
-
MD5
6dc5205c6a0ea14696361bdb4c7d0930
-
SHA1
211235345685a17dbf052775c06ba8ab6732823e
-
SHA256
b5194089c672957913c3056fa54ebdc903646730b117cf59a268b45e3ebd28b4
-
SHA512
643ceb1d84d5c4d0b9f92a7539b5fed6f739a7b47a16d01277ff544a8ea55ab9c9ffc0484a6beb04253bd27ea04f522fd662cfcc982a015a606348e0377b24e9
-
SSDEEP
1536:tgLSZJP3QDk6pa2MHUOvleaUmVnN4Pvwjdjuio31D3fQQQfI:tgLSLPZ680OvlesrmIjdjXolD3YZfI
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Drops file in Drivers directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-