General
-
Target
f88f088215b87dfe96013d8bce800c70d698b4050e2eff4b8033103bc1b6f2d6
-
Size
283KB
-
Sample
221003-aqpd5sghc8
-
MD5
0676d0466ee5cc5d937a7704830c7401
-
SHA1
18bae5cf5c40e53e1fd71a899047110d641616eb
-
SHA256
f88f088215b87dfe96013d8bce800c70d698b4050e2eff4b8033103bc1b6f2d6
-
SHA512
b0883ec39b9e4494d4042ed08619aae6e0806a63f26f810f0075ab765b3f6b9e1aa5c11bd1d6ee5a1f91346cc9e385e679537b8898d4cfe1e35f5a62fe9ed800
-
SSDEEP
3072:VNJAOXTBxdiKcnAiABApAHY1A6AlA7AUGn/Xmona8eAnuTCt2xbzmyoaq6rcYsck:VN3RnjxyB8EBUQ2a8Ldx
Malware Config
Extracted
pony
http://saharaspamx.favcc1.com/gate.php
Targets
-
-
Target
f88f088215b87dfe96013d8bce800c70d698b4050e2eff4b8033103bc1b6f2d6
-
Size
283KB
-
MD5
0676d0466ee5cc5d937a7704830c7401
-
SHA1
18bae5cf5c40e53e1fd71a899047110d641616eb
-
SHA256
f88f088215b87dfe96013d8bce800c70d698b4050e2eff4b8033103bc1b6f2d6
-
SHA512
b0883ec39b9e4494d4042ed08619aae6e0806a63f26f810f0075ab765b3f6b9e1aa5c11bd1d6ee5a1f91346cc9e385e679537b8898d4cfe1e35f5a62fe9ed800
-
SSDEEP
3072:VNJAOXTBxdiKcnAiABApAHY1A6AlA7AUGn/Xmona8eAnuTCt2xbzmyoaq6rcYsck:VN3RnjxyB8EBUQ2a8Ldx
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-