General

  • Target

    b0beaa8868f18523273471589e8fa6fec3efd996622b37d7cd5c3e32a40d5ca7

  • Size

    94KB

  • Sample

    221002-precwsgefr

  • MD5

    6787367d68fb49a10e381beb84d140b0

  • SHA1

    6dcb6116f83cedc9dc1a530ba65a941f92cdc13c

  • SHA256

    b0beaa8868f18523273471589e8fa6fec3efd996622b37d7cd5c3e32a40d5ca7

  • SHA512

    37a668904d96030c57145fb4a6329637fc5d28e59b095b3ee84062f7099b7bc6a836bf3c03a8d29d942074177738f2308149c5fafdda829d76bae8b2f163856d

  • SSDEEP

    1536:Feu7bf+VuA6C1QC5s2DnT9HuU8tolo5KEukkgNvMNRPe2P02Rh21417FvZ4fUGAL:FZmu1C5rbT9HN8alo4CjNvMTPeLQh21n

Malware Config

Extracted

Family

pony

C2

http://skpoydy.pw:4915/way/like.php

http://sotyksy.pw:4915/way/like.php

Targets

    • Target

      b0beaa8868f18523273471589e8fa6fec3efd996622b37d7cd5c3e32a40d5ca7

    • Size

      94KB

    • MD5

      6787367d68fb49a10e381beb84d140b0

    • SHA1

      6dcb6116f83cedc9dc1a530ba65a941f92cdc13c

    • SHA256

      b0beaa8868f18523273471589e8fa6fec3efd996622b37d7cd5c3e32a40d5ca7

    • SHA512

      37a668904d96030c57145fb4a6329637fc5d28e59b095b3ee84062f7099b7bc6a836bf3c03a8d29d942074177738f2308149c5fafdda829d76bae8b2f163856d

    • SSDEEP

      1536:Feu7bf+VuA6C1QC5s2DnT9HuU8tolo5KEukkgNvMNRPe2P02Rh21417FvZ4fUGAL:FZmu1C5rbT9HN8alo4CjNvMTPeLQh21n

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Tasks