General

  • Target

    c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520

  • Size

    136KB

  • Sample

    221108-1nfx4abhgm

  • MD5

    0d49f5cacf7b65a277c392c9342e4170

  • SHA1

    d1e04d5ca3e6418571a54d7ad4dc41594ad06d5b

  • SHA256

    c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520

  • SHA512

    094f4526a1e8a87deac8452269148cd486f8a39f2a1bd7b49fe0795f4710332e7d0fbeeafda44ea17a93b9234d3a8ca3ab73335a829aeaac0268ed7de1ffdb33

  • SSDEEP

    3072:9MhsxvhtT8Nl/It8x2RuipNKIYEWNrrOTB:9QsrtWl/UdpNKIYVvOT

Malware Config

Extracted

Family

pony

C2

http://190.81.149.106:8080/forum/viewtopic.php

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://laserliposolution.com/forum/viewtopic.php

http://laserlipotight.com/forum/viewtopic.php

Attributes
  • payload_url

    http://marklawllc.com/b80X2TVz.exe

    http://173.192.39.2/VqeF3.exe

    http://vogel-modellbau.de/VWb0y.exe

Targets

    • Target

      c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520

    • Size

      136KB

    • MD5

      0d49f5cacf7b65a277c392c9342e4170

    • SHA1

      d1e04d5ca3e6418571a54d7ad4dc41594ad06d5b

    • SHA256

      c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520

    • SHA512

      094f4526a1e8a87deac8452269148cd486f8a39f2a1bd7b49fe0795f4710332e7d0fbeeafda44ea17a93b9234d3a8ca3ab73335a829aeaac0268ed7de1ffdb33

    • SSDEEP

      3072:9MhsxvhtT8Nl/It8x2RuipNKIYEWNrrOTB:9QsrtWl/UdpNKIYVvOT

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks