General
-
Target
5c4a3db950ada109036f3512dc8e17fba1dc15d7d226bacd91f6bf0342382ab3
-
Size
305KB
-
Sample
221003-c1wbjscde8
-
MD5
2ddec48c25a40ed729b266ce4148aba9
-
SHA1
51101547eddd49f84df3010afadc1daab1bced95
-
SHA256
5c4a3db950ada109036f3512dc8e17fba1dc15d7d226bacd91f6bf0342382ab3
-
SHA512
20cc4ad3876dbadfb98f39d28b15cbaf8d9807563a27d85b1d2fc967ef30179edcdd602aa3c0ab0dadc5db58e06615463764adda673acaa3c240e0d6e7e2acbf
-
SSDEEP
6144:pSLnlItahCJrxjwDyf+PzOgSV8SJiiTE:ULnm4hcrxj4PzO/u
Malware Config
Extracted
pony
http://muzukashibrashinki.net/mozie55/gate.php
Targets
-
-
Target
5c4a3db950ada109036f3512dc8e17fba1dc15d7d226bacd91f6bf0342382ab3
-
Size
305KB
-
MD5
2ddec48c25a40ed729b266ce4148aba9
-
SHA1
51101547eddd49f84df3010afadc1daab1bced95
-
SHA256
5c4a3db950ada109036f3512dc8e17fba1dc15d7d226bacd91f6bf0342382ab3
-
SHA512
20cc4ad3876dbadfb98f39d28b15cbaf8d9807563a27d85b1d2fc967ef30179edcdd602aa3c0ab0dadc5db58e06615463764adda673acaa3c240e0d6e7e2acbf
-
SSDEEP
6144:pSLnlItahCJrxjwDyf+PzOgSV8SJiiTE:ULnm4hcrxj4PzO/u
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-