General

  • Target

    d28c91659e72638828f791ad9ba8de8c5d33cb6bc4c20c4ac38c48e0704f338f

  • Size

    123KB

  • Sample

    221108-1bhk6ahga3

  • MD5

    02f970e0f84cdfb311c31817629aea01

  • SHA1

    5d49b12ea8d701c1fc41823d18c686e40a9c4faf

  • SHA256

    d28c91659e72638828f791ad9ba8de8c5d33cb6bc4c20c4ac38c48e0704f338f

  • SHA512

    97727fd263a11a848ea223a703d8c0645b11800915ced36349e135d9b4d55b2f15cd3d35569a9fdf90003d47bd323724c46264d80b0409dd11a9881a2f84b6a7

  • SSDEEP

    3072:f7Lm1S7aWY+W1S3Nb2MZ4d2Gy/JMtJVsceWdLA:f7q1uW1BMhbJMpTdLA

Malware Config

Extracted

Family

pony

C2

http://lvconcordecontracting.com/forum/viewtopic.php

http://mcbelectrical.ca/forum/viewtopic.php

http://oliviagurun.com/forum/viewtopic.php

http://onecable.ca/forum/viewtopic.php

Attributes
  • payload_url

    http://ftp.pexgol.com/bm6dog.exe

    http://67.158.38.155/jiKEb8.exe

    http://www.bethererepair.com/AcvAVk.exe

    http://aasthakitchen.com/vMTXwWg.exe

Targets

    • Target

      d28c91659e72638828f791ad9ba8de8c5d33cb6bc4c20c4ac38c48e0704f338f

    • Size

      123KB

    • MD5

      02f970e0f84cdfb311c31817629aea01

    • SHA1

      5d49b12ea8d701c1fc41823d18c686e40a9c4faf

    • SHA256

      d28c91659e72638828f791ad9ba8de8c5d33cb6bc4c20c4ac38c48e0704f338f

    • SHA512

      97727fd263a11a848ea223a703d8c0645b11800915ced36349e135d9b4d55b2f15cd3d35569a9fdf90003d47bd323724c46264d80b0409dd11a9881a2f84b6a7

    • SSDEEP

      3072:f7Lm1S7aWY+W1S3Nb2MZ4d2Gy/JMtJVsceWdLA:f7q1uW1BMhbJMpTdLA

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from browsers, FTP clients and e-mail clients and reports them by HTTP POST to its C2 gate (the viewtopic.php URLs listed under Malware Config). It also acts as a downloader for further payloads, which is what the payload_url entries above record.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, whose site manager and recent-server files hold saved host, user and password entries.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which can include saved logins, cookies and autofill entries.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall), which Pony uses to pick which credential stores to go after.
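
The behaviour signatures and network IOCs above, turned into a hunt over process telemetry. This is an added example, not part of the sandbox report: the C2 gate and payload URLs are the ones extracted above, while the Sysmon-style event schema, the concrete file paths and registry keys the behaviour names are mapped to (FileZilla sitemanager.xml / recentservers.xml, browser credential stores, Outlook profile keys, the Uninstall key), the sample events and the scoring rule are all assumptions. It also generalises the C2 check slightly: a POST to a /forum/viewtopic.php gate on a host not in the config is reported as a pattern match, since Pony campaigns rotate the compromised sites hosting the gate.

```python
"""Hunt for Pony/Fareit behaviours and IOCs over constructed Sysmon-style events.

Added example for this report, not code from the sandbox or the malware.
"""
import re
from urllib.parse import urlparse

# Network IOCs copied from the Malware Config section of the report.
SAMPLE_SHA256 = "d28c91659e72638828f791ad9ba8de8c5d33cb6bc4c20c4ac38c48e0704f338f"
C2_URLS = {
    "http://lvconcordecontracting.com/forum/viewtopic.php",
    "http://mcbelectrical.ca/forum/viewtopic.php",
    "http://oliviagurun.com/forum/viewtopic.php",
    "http://onecable.ca/forum/viewtopic.php",
}
PAYLOAD_URLS = {
    "http://ftp.pexgol.com/bm6dog.exe",
    "http://67.158.38.155/jiKEb8.exe",
    "http://www.bethererepair.com/AcvAVk.exe",
    "http://aasthakitchen.com/vMTXwWg.exe",
}

# Assumed mapping of the report's behaviour names to host artefacts.
FTP_CLIENT_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
BROWSER_FILES = re.compile(r"\\(Login Data|logins\.json|key[34]\.db|signons\.sqlite)$", re.I)
OUTLOOK_KEYS = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

NETWORK_HITS = {"pony_c2_checkin", "pony_c2_pattern", "pony_payload_download"}
CONTEXT_ONLY = {"enumerates_installed_software"}  # common in benign software, never scored alone


def classify(event):
    """Return the report behaviours a single event matches (empty list if none)."""
    hits = []
    if event["type"] == "file_read":
        if FTP_CLIENT_FILES.search(event["path"]):
            hits.append("reads_ftp_client_data")
        if BROWSER_FILES.search(event["path"]):
            hits.append("reads_browser_profile_data")
    elif event["type"] == "reg_query":
        if OUTLOOK_KEYS.search(event["key"]):
            hits.append("accesses_outlook_profiles")
        if UNINSTALL_KEY.search(event["key"]):
            hits.append("enumerates_installed_software")
    elif event["type"] == "http":
        url = event["url"]
        if url in C2_URLS:
            hits.append("pony_c2_checkin")
        elif event.get("method") == "POST" and urlparse(url).path.endswith("/forum/viewtopic.php"):
            hits.append("pony_c2_pattern")  # same gate path on a host not in this config
        if url in PAYLOAD_URLS:
            hits.append("pony_payload_download")
    return hits


def hunt(events, min_behaviours=2):
    """Aggregate hits per process and flag it on C2 traffic or enough credential-store access."""
    per_pid = {}
    for ev in events:
        for hit in classify(ev):
            per_pid.setdefault(ev["pid"], set()).add(hit)
    verdicts = {}
    for pid, hits in per_pid.items():
        stealer = hits - NETWORK_HITS - CONTEXT_ONLY
        suspicious = bool(hits & NETWORK_HITS) or len(stealer) >= min_behaviours
        verdicts[pid] = {"behaviours": sorted(hits), "suspicious": suspicious}
    return verdicts


# Constructed telemetry: pid 4120 mimics the sample, pid 812 is a benign installer.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file_read", "path": r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "type": "file_read", "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "type": "reg_query", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "type": "reg_query", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"pid": 4120, "type": "http", "method": "POST", "url": "http://onecable.ca/forum/viewtopic.php"},
    {"pid": 4120, "type": "http", "method": "GET", "url": "http://67.158.38.155/jiKEb8.exe"},
    {"pid": 812, "type": "reg_query", "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7B1C2A3D}"},
    {"pid": 812, "type": "http", "method": "GET", "url": "https://www.example.com/update.json"},
]

if __name__ == "__main__":
    for pid, verdict in hunt(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

The Uninstall-key lookup is deliberately treated as context rather than evidence: installers and inventory agents read it constantly, so on its own it would only generate noise. A process is flagged when it either talks to a known gate or payload host, or when it touches at least two different credential stores, which is the combination the report's behaviour list describes.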
