General
-
Target
abf83da3d409c50a5fd62fb4150880d726765e49b9abf1b61095d9caa0952d61
-
Size
91KB
-
Sample
221019-taqrtaeed6
-
MD5
921fec705e471d7aea295c1ba395a8c6
-
SHA1
8b727e81493a5fe219b58080afdacb1a7ed65dc3
-
SHA256
abf83da3d409c50a5fd62fb4150880d726765e49b9abf1b61095d9caa0952d61
-
SHA512
6d6af9c765f9561ca1d9132f1140347cc4a617de714b09ccda3eaebd8a854dbc90535d7e3ca4ca6c4469f0aadc2ee940bfe6afe17903e9b176264793ca9b7f57
-
SSDEEP
1536:0t+CukEmJ4qTQwfHgwj1vwlENE5gmQTgOlcmTvckzbg/m:mxDEYfLj1vGuEcgOltg/m
Malware Config
Extracted
pony
http://dsostermanlaw.com/forum/viewtopic.php
http://nefcapital.com/forum/viewtopic.php
http://acedataintelligence.com/forum/viewtopic.php
http://acedataintelligence.net/forum/viewtopic.php
-
payload_url
http://0367384.netsolhost.com/6n0J.exe
http://mlcimaging.com/1CkJvUG.exe
http://87.106.24.246/kwBamUQu.exe
Targets
-
-
Target
abf83da3d409c50a5fd62fb4150880d726765e49b9abf1b61095d9caa0952d61
-
Size
91KB
-
MD5
921fec705e471d7aea295c1ba395a8c6
-
SHA1
8b727e81493a5fe219b58080afdacb1a7ed65dc3
-
SHA256
abf83da3d409c50a5fd62fb4150880d726765e49b9abf1b61095d9caa0952d61
-
SHA512
6d6af9c765f9561ca1d9132f1140347cc4a617de714b09ccda3eaebd8a854dbc90535d7e3ca4ca6c4469f0aadc2ee940bfe6afe17903e9b176264793ca9b7f57
-
SSDEEP
1536:0t+CukEmJ4qTQwfHgwj1vwlENE5gmQTgOlcmTvckzbg/m:mxDEYfLj1vGuEcgOltg/m
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-