General

  • Target

    12e1ae5ac6ee79d78a9003712675df88a8c44c5c66903b95e804a2efe2b496e5

  • Size

    125KB

  • Sample

    221119-fh6aksac3s

  • MD5

    47f70121063528f66d6d6006dadfec9d

  • SHA1

    545c54a90f2234ac69dfc856a01041d3c1e87cbb

  • SHA256

    12e1ae5ac6ee79d78a9003712675df88a8c44c5c66903b95e804a2efe2b496e5

  • SHA512

    e1d40a5271e1f9bec304131ba231a20b402a0b6c373e4b28e220a667344ba66e96009dd10fdfafd535b8f25168d0360365502321ce298242affde907d48ae2f1

  • SSDEEP

    3072:9lg8XOc2+NPMFVHS27qi1tI92IFRK7Gx8fpYaX4DZKESYHD:q+Cr9B62IHK0GR49

Malware Config

Extracted

Family

pony

C2

http://bhhsrelocation.com/forum/viewtopic.php

http://bhhssanantonio.com/forum/viewtopic.php

http://bhpenfed.com/forum/viewtopic.php

http://brianandkelsey.com/forum/viewtopic.php

Attributes
  • payload_url

    http://dlacton.com/fM5.exe

    http://topseoseobestpractices.com/mbTcd.exe

    http://02af571.netsolhost.com/s07Sc.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
