General
-
Target
55c271d31b4efb0efbe161644917c67ecb46c8c360a5d1f87d64cd4abcd823bd
-
Size
563KB
-
Sample
221003-b9k2hacgdj
-
MD5
62c545fe685224ac6e049f7640442510
-
SHA1
b7d816c60e58449181bd51470cc527e431e19e84
-
SHA256
55c271d31b4efb0efbe161644917c67ecb46c8c360a5d1f87d64cd4abcd823bd
-
SHA512
c12d4196a5da59fb69909fb985c0df890012b9b26892482c41b600ac367ced5db37e0c31632d8b9eb0e266e365bf1a6e8ff30dcce2c278304ff716d27d2497f1
-
SSDEEP
6144:5DTGuooduXxcBCl0uXRQ3BrgpLA8uOg7M99XRuP8d6LWsMZHZrMDM6bMdcM+MMbj:EuMAq5Q3BUxA8uOg7M99XRuPfTQLUp
Malware Config
Extracted
pony
http://trinimaxzimuxus.net/saly88/gate.php
Targets
-
-
Target
55c271d31b4efb0efbe161644917c67ecb46c8c360a5d1f87d64cd4abcd823bd
-
Size
563KB
-
MD5
62c545fe685224ac6e049f7640442510
-
SHA1
b7d816c60e58449181bd51470cc527e431e19e84
-
SHA256
55c271d31b4efb0efbe161644917c67ecb46c8c360a5d1f87d64cd4abcd823bd
-
SHA512
c12d4196a5da59fb69909fb985c0df890012b9b26892482c41b600ac367ced5db37e0c31632d8b9eb0e266e365bf1a6e8ff30dcce2c278304ff716d27d2497f1
-
SSDEEP
6144:5DTGuooduXxcBCl0uXRQ3BrgpLA8uOg7M99XRuP8d6LWsMZHZrMDM6bMdcM+MMbj:EuMAq5Q3BUxA8uOg7M99XRuPfTQLUp
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-