General

  • Target

    6a7e8119f38167ce0d5e12dbbd9c9df70361ed8e732df057687baf592ab0dc0f

  • Size

    120KB

  • Sample

    221119-fh358aec49

  • MD5

    2cb0048d37cc867d053c0a089f5667e0

  • SHA1

    34b1be3f27bb823574d4f06def7d3f66a7458134

  • SHA256

    6a7e8119f38167ce0d5e12dbbd9c9df70361ed8e732df057687baf592ab0dc0f

  • SHA512

    6c16f93503310803520dfd3e27760c1864ae4596589eb281e9efe8fa4cc436e59f36083bdb9a89d5c4050a66d59c81cecdb80568279921b3ca3af3b9a2b981e8

  • SSDEEP

    3072:37V1raS7XrvSRBWimEmpLj+dmv9C5e1OE:LV1raSvvSNmPJjgmlYe1h

Malware Config

Extracted

Family

pony

C2

http://forum.xcpus.com:8080/forum/viewtopic.php

http://futuregenerationfuel.com/forum/viewtopic.php

http://homelandfuel.com/forum/viewtopic.php

http://patrioticenergy.com/forum/viewtopic.php

Attributes
  • payload_url

    http://charlemonttv.com/amfK.exe

    http://project5.ignitee.com/7rq7.exe

    http://www.inmagonzalez.com/9NMJ.exe

Targets

    • Target

      6a7e8119f38167ce0d5e12dbbd9c9df70361ed8e732df057687baf592ab0dc0f

    • Size

      120KB

    • MD5

      2cb0048d37cc867d053c0a089f5667e0

    • SHA1

      34b1be3f27bb823574d4f06def7d3f66a7458134

    • SHA256

      6a7e8119f38167ce0d5e12dbbd9c9df70361ed8e732df057687baf592ab0dc0f

    • SHA512

      6c16f93503310803520dfd3e27760c1864ae4596589eb281e9efe8fa4cc436e59f36083bdb9a89d5c4050a66d59c81cecdb80568279921b3ca3af3b9a2b981e8

    • SSDEEP

      3072:37V1raS7XrvSRBWimEmpLj+dmv9C5e1OE:LV1raSvvSNmPJjgmlYe1h

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks