General

  • Target

    a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc

  • Size

    120KB

  • Sample

    221108-14c65scgaj

  • MD5

    0171caeb8beef70f9916228e0112f150

  • SHA1

    c8b5dbfc4038dbadeb766573a9259ca20d164449

  • SHA256

    a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc

  • SHA512

    32c92e4527f75cd5189cdbcd1f89e64a67b8ae35a5593ae3e50656fedc00cf2c77f628bb1b696285d21d8734c77fb426b374fa63ff5ed64a412bd8c67613c768

  • SSDEEP

    3072:O/pbO4QCFal3QHIfYdy9mFbbvhvOlC266iS/Ab4paCKOvN:mJuCA3QofY0oJz5O1Zibb46OvN

Malware Config

Extracted

Family

pony

C2

http://eguttersupply.com/ponys/gate.php

http://filterflowgutterguard.com/ponys/gate.php

http://guttersupply.mobi/ponys/gate.php

http://iguttersupply.com/ponys/gate.php

Attributes

  • payload_url

    http://privatesavings.ca/CN9jpGK.exe

    http://spireportal.net/MYWJg.exe

    http://ftp.myfxpips.com/RwZy.exe

    http://weimarenterprises.com/n4t43ZqX.exe

Targets

    • Target

      a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc

    • Size

      120KB

    • MD5

      0171caeb8beef70f9916228e0112f150

    • SHA1

      c8b5dbfc4038dbadeb766573a9259ca20d164449

    • SHA256

      a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc

    • SHA512

      32c92e4527f75cd5189cdbcd1f89e64a67b8ae35a5593ae3e50656fedc00cf2c77f628bb1b696285d21d8734c77fb426b374fa63ff5ed64a412bd8c67613c768

    • SSDEEP

      3072:O/pbO4QCFal3QHIfYdy9mFbbvhvOlC266iS/Ab4paCKOvN:mJuCA3QofY0oJz5O1Zibb46OvN

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks