General
-
Target
2179aa1c140e4331a3fb2dfcb0c18c54e452c2d64d7c7f9d75652500474e2342
-
Size
86KB
-
Sample
221002-rcnn5abdck
-
MD5
718d5e06386a9793394656714f007e50
-
SHA1
73ba3f15bf7988b139a798be8177ec0feef3ae9c
-
SHA256
2179aa1c140e4331a3fb2dfcb0c18c54e452c2d64d7c7f9d75652500474e2342
-
SHA512
9a4f9e88bfa17ea636d2f0762ce24c8b11929355f5fd06e9e9fb80c8677fa12c83d174278f2fec7707095111ffd376a3da79681ac82d59bebdc18dbbac6bec24
-
SSDEEP
1536:oF+jDEG/fmb1fwFqbkHmg0J2mFbc121WsHZyuh+Z6sLm6+uML/3:fn541fEmFlB55+Ms0P
Malware Config
Extracted
pony
http://kjytrf.pw:4915/doc/black.php
http://kjytrf.pw:888/doc/black.php
-
payload_url
http://jytrru.pw:888/pic/Flash.exe
Targets
-
-
Target
2179aa1c140e4331a3fb2dfcb0c18c54e452c2d64d7c7f9d75652500474e2342
-
Size
86KB
-
MD5
718d5e06386a9793394656714f007e50
-
SHA1
73ba3f15bf7988b139a798be8177ec0feef3ae9c
-
SHA256
2179aa1c140e4331a3fb2dfcb0c18c54e452c2d64d7c7f9d75652500474e2342
-
SHA512
9a4f9e88bfa17ea636d2f0762ce24c8b11929355f5fd06e9e9fb80c8677fa12c83d174278f2fec7707095111ffd376a3da79681ac82d59bebdc18dbbac6bec24
-
SSDEEP
1536:oF+jDEG/fmb1fwFqbkHmg0J2mFbc121WsHZyuh+Z6sLm6+uML/3:fn541fEmFlB55+Ms0P
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-