General

  • Target

    982b796edb96993f09e32bcd56b53bcd1754725bde0adba1a718e38350298ee4

  • Size

    115KB

  • Sample

    221108-2kmrxabfg8

  • MD5

    0b9b0490fea84a12e2d34694a88798a0

  • SHA1

    6e7458ba5c58b49f859c559ac47df87faee34e88

  • SHA256

    982b796edb96993f09e32bcd56b53bcd1754725bde0adba1a718e38350298ee4

  • SHA512

    d89ffb1e4a78a034cd64153afd7da78eadd56d9945c6201b7fffffa7ce7a183bfd4a48763f57ffcca7f4b1e5cbdc41907e56d7aeca9a54cf88fd5b1a8594043e

  • SSDEEP

    3072:3pNzRpv6k4fFlraVt0sGA56NXEbB/JICGIfF:5yldn+6NSBhI+d

Malware Config

Extracted

Family

pony

C2

http://findmynewhouse.co.uk/ponys/gate.php

http://findmynewschool.com/ponys/gate.php

http://trippling.com/ponys/gate.php

http://beachfrontconcierge.com/ponys/gate.php

Attributes
  • payload_url

    http://www.akaneuchida.com/iXLNgi2.exe

    http://proeller-shop.homepage.t-online.de/btz.exe

    http://dapingluo.com/QfvbZyn.exe

    http://weimarenterprises.com/n4t43ZqX.exe
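The hashes and the extracted config above are the indicators a responder actually pivots on. The following Python is an added example written for this page (it is not part of the sandbox output): it verifies a file against all four listed digests at once, and labels proxy-log requests that hit the gate.php C2 URLs, the payload URLs, or the generic Pony pattern of a POST to a `gate.php` path on a host not in this config. The log format (`timestamp client method url status`) and the log lines themselves are constructed for the demonstration.

```python
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "0b9b0490fea84a12e2d34694a88798a0",
    "sha1": "6e7458ba5c58b49f859c559ac47df87faee34e88",
    "sha256": "982b796edb96993f09e32bcd56b53bcd1754725bde0adba1a718e38350298ee4",
    "sha512": "d89ffb1e4a78a034cd64153afd7da78eadd56d9945c6201b7fffffa7ce7a183bfd4a48763f57ffcca7f4b1e5cbdc41907e56d7aeca9a54cf88fd5b1a8594043e",
}
C2_URLS = {
    "http://findmynewhouse.co.uk/ponys/gate.php",
    "http://findmynewschool.com/ponys/gate.php",
    "http://trippling.com/ponys/gate.php",
    "http://beachfrontconcierge.com/ponys/gate.php",
}
PAYLOAD_URLS = {
    "http://www.akaneuchida.com/iXLNgi2.exe",
    "http://proeller-shop.homepage.t-online.de/btz.exe",
    "http://dapingluo.com/QfvbZyn.exe",
    "http://weimarenterprises.com/n4t43ZqX.exe",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
GATE_PATH = re.compile(r"/gate\.php$", re.IGNORECASE)


def digest_bytes(data: bytes) -> dict:
    """Compute every digest the report lists so a file can be compared on all of them."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return digest_bytes(fh.read())


def matches_sample(digests: dict) -> bool:
    """True only when every listed digest agrees; MD5 alone is not trusted as identity."""
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def classify_request(method: str, url: str) -> Optional[str]:
    """Label one proxy request against the extracted config, or None if it is unremarkable."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if url in C2_URLS or (host in C2_HOSTS and GATE_PATH.search(parts.path)):
        return "c2-checkin"
    # Exact URL only: the payload hosts are likely compromised sites that also serve
    # legitimate content, so a host-wide match would be noisy.
    if url in PAYLOAD_URLS:
        return "payload-download"
    # Pony posts stolen credentials to a gate.php; a POST to that path on an unknown host is
    # worth a look even when the host is not in this config (heuristic, expect false positives).
    if method.upper() == "POST" and GATE_PATH.search(parts.path):
        return "suspect-gate-post"
    return None


def find_hits(log_lines):
    """Scan 'timestamp client method url status' lines; return (ts, client, label, url) hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        ts, client, method, url = fields[:4]
        label = classify_request(method, url)
        if label:
            hits.append((ts, client, label, url))
    return hits


# Constructed proxy log for the demonstration; not taken from the sandbox run.
SAMPLE_LOG = """
2022-11-08T14:02:11Z 10.0.0.15 GET http://www.akaneuchida.com/iXLNgi2.exe 200
2022-11-08T14:02:19Z 10.0.0.15 POST http://findmynewhouse.co.uk/ponys/gate.php 200
2022-11-08T14:02:20Z 10.0.0.15 POST http://findmynewschool.com/ponys/gate.php 404
2022-11-08T14:03:02Z 10.0.0.22 GET http://example.org/index.html 200
2022-11-08T14:05:40Z 10.0.0.31 POST http://203.0.113.7/panel/gate.php 200
""".strip().splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Note the 404 on the second gate: Pony configs carry several gates and the client walks the list, so a failed POST to one of them is still a check-in attempt and is labelled the same way.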

Targets

    • Target

      982b796edb96993f09e32bcd56b53bcd1754725bde0adba1a718e38350298ee4

    • Size

      115KB

    • MD5

      0b9b0490fea84a12e2d34694a88798a0

    • SHA1

      6e7458ba5c58b49f859c559ac47df87faee34e88

    • SHA256

      982b796edb96993f09e32bcd56b53bcd1754725bde0adba1a718e38350298ee4

    • SHA512

      d89ffb1e4a78a034cd64153afd7da78eadd56d9945c6201b7fffffa7ce7a183bfd4a48763f57ffcca7f4b1e5cbdc41907e56d7aeca9a54cf88fd5b1a8594043e

    • SSDEEP

      3072:3pNzRpv6k4fFlraVt0sGA56NXEbB/JICGIfF:5yldn+6NSBhI+d

    • Pony,Fareit

      Pony, also tracked as Fareit, is a credential-stealing trojan rather than a general-purpose remote access tool: it harvests stored passwords from FTP clients, web browsers and email clients, posts them to gate.php C2 URLs such as those in the extracted config, and can download and run additional executables such as the payload URLs listed above.

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which store saved server hosts, usernames and passwords.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser data such as saved logins, cookies and autofill entries.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
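The signatures above are individually weak (a browser reads its own login store every day) but strong in combination: one process reading FTP client configs, browser credential files, Outlook profile keys and the Uninstall key in a single run is the Pony pattern. The following Python is an added detection example written for this page, not part of the sandbox output. It assumes EDR-style telemetry of file reads and registry queries as `(timestamp, pid, image, event_type, target)` tuples; the category names follow the report, while the concrete paths (standard FileZilla, Chrome, Firefox, Outlook and Uninstall locations) and the sample events are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Artefact categories named in the report, each mapped to the well-known locations where the
# data lives. The paths are assumptions added here, matched against a lower-cased target.
ARTEFACT_PATTERNS: Dict[str, List[str]] = {
    "ftp-client-config": [
        r"\\filezilla\\(sitemanager|recentservers)\.xml$",
    ],
    "browser-credentials": [
        r"\\google\\chrome\\user data\\[^\\]+\\login data$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\logins\.json$",
    ],
    "outlook-accounts": [
        r"\\software\\microsoft\\office\\[0-9.]+\\outlook\\profiles\\",
        r"\\software\\microsoft\\windows nt\\currentversion\\windows messaging subsystem\\profiles\\",
    ],
    "installed-software": [
        r"\\software\\microsoft\\windows\\currentversion\\uninstall\\",
    ],
}
_COMPILED = [(cat, re.compile(p)) for cat, pats in ARTEFACT_PATTERNS.items() for p in pats]

# One event: (timestamp, pid, image, event_type, target); event_type is "FileRead" or
# "RegistryQuery" in the telemetry assumed here.
Event = Tuple[str, int, str, str, str]


def classify_target(target: str) -> Optional[str]:
    """Map a file path or registry key to an artefact category, or None."""
    low = target.lower()
    for cat, rx in _COMPILED:
        if rx.search(low):
            return cat
    return None


def flag_processes(events, min_categories: int = 3):
    """Return pid -> details for processes touching at least min_categories distinct
    artefact categories. One category is normal (a browser reads its own logins);
    a sweep across FTP, browser and mail stores by a single process is the stealer pattern."""
    touched = defaultdict(dict)
    images = {}
    for ts, pid, image, _etype, target in events:
        cat = classify_target(target)
        if cat is None:
            continue
        images[pid] = image
        touched[pid].setdefault(cat, (ts, target))  # keep the first access per category
    return {
        pid: {"image": images[pid], "categories": sorted(cats), "first_seen": dict(cats)}
        for pid, cats in touched.items()
        if len(cats) >= min_categories
    }


# Constructed telemetry for the demonstration; not taken from the sandbox run.
EVENTS: List[Event] = [
    ("2022-11-08T14:02:21Z", 4120, r"C:\Users\bob\AppData\Local\Temp\sample.exe", "FileRead",
     r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("2022-11-08T14:02:21Z", 4120, r"C:\Users\bob\AppData\Local\Temp\sample.exe", "FileRead",
     r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2022-11-08T14:02:22Z", 4120, r"C:\Users\bob\AppData\Local\Temp\sample.exe", "RegistryQuery",
     r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"),
    ("2022-11-08T14:02:22Z", 4120, r"C:\Users\bob\AppData\Local\Temp\sample.exe", "RegistryQuery",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("2022-11-08T14:02:23Z", 4120, r"C:\Users\bob\AppData\Local\Temp\sample.exe", "FileRead",
     r"C:\Windows\System32\kernel32.dll"),
    ("2022-11-08T14:02:30Z", 2288, r"C:\Program Files\Mozilla Firefox\firefox.exe", "FileRead",
     r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\k3x9.default\logins.json"),
    ("2022-11-08T14:02:41Z", 3104, r"C:\Windows\System32\msiexec.exe", "RegistryQuery",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E1A2B3C-4D5E-6F70-8192-A3B4C5D6E7F8}"),
]

if __name__ == "__main__":
    for pid, info in flag_processes(EVENTS).items():
        print(pid, info["image"], info["categories"])
```

The threshold is the important knob: at `min_categories=1` Firefox and msiexec are also returned, which is exactly the noise the per-category signatures produce on their own; at the default of three only the process sweeping every store is flagged.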

MITRE ATT&CK Enterprise v6
