General

  • Target: BBFA53306EFE38A0F93D4E3A21ACD8C7171A8D7187767.exe
  • Size: 145KB
  • Sample: 221110-lv3ccaggd2
  • MD5: ded1a98de51884ce32a29bd8c5d20065
  • SHA1: c20eb6d8374ca201c8fab06601e318914e404a0b
  • SHA256: bbfa53306efe38a0f93d4e3a21acd8c7171a8d7187767479746566b967605c05
  • SHA512: d96e5237d4fdef9913e0dd150ee82c2436c8735efe42e83d3fe29212c0ed5f017bc232bdd35087d5c2548a9be6161a1236cd99d408ebb31504795e9f33374a8c
  • SSDEEP: 3072:8nLc57faEHNvVcH3ZJe57Z2PQjKRs+BwwXM0m1Gj55r5xpcD:KuGehVGE/j6d21u55rvp

Malware Config

Extracted

  • Family: pony
  • C2: http://androidtablets.co.uk/php/gate.php

Targets

    • Target: BBFA53306EFE38A0F93D4E3A21ACD8C7171A8D7187767.exe

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
