General
-
Target
38994ecc32b9ed7ea6e3356a14249321f3d8d1d919eaa880d7303b5bb15433e2
-
Size
95KB
-
Sample
221002-q39hvaahcr
-
MD5
668b7123b479230533fc39c947d3e940
-
SHA1
40dd96f1c9060ab3a40ffcb836fabeaec8efd6b2
-
SHA256
38994ecc32b9ed7ea6e3356a14249321f3d8d1d919eaa880d7303b5bb15433e2
-
SHA512
2f35c817252370889770a2e6a48bd88fa98ac40203163577ec0f8a1780d68a93ad016f44c9cbf91c6d213613a9d2ab430265ce2ebc2c146b86c236552392468b
-
SSDEEP
1536:mbx0UXVZOXROVG5KW1mcjtNyyLJTMrh811ya4ErxAznQg3UhHV99ZtauyG+:kNOXR4G5H3NjTMC1NBgEjfxyG
Malware Config
Extracted
pony
http://kdsogeu.pw:4915/way/like.php
http://mgfdkfy.pw:4915/way/like.php
Targets
-
-
Target
38994ecc32b9ed7ea6e3356a14249321f3d8d1d919eaa880d7303b5bb15433e2
-
Size
95KB
-
MD5
668b7123b479230533fc39c947d3e940
-
SHA1
40dd96f1c9060ab3a40ffcb836fabeaec8efd6b2
-
SHA256
38994ecc32b9ed7ea6e3356a14249321f3d8d1d919eaa880d7303b5bb15433e2
-
SHA512
2f35c817252370889770a2e6a48bd88fa98ac40203163577ec0f8a1780d68a93ad016f44c9cbf91c6d213613a9d2ab430265ce2ebc2c146b86c236552392468b
-
SSDEEP
1536:mbx0UXVZOXROVG5KW1mcjtNyyLJTMrh811ya4ErxAznQg3UhHV99ZtauyG+:kNOXR4G5H3NjTMC1NBgEjfxyG
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Drops file in Drivers directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-