General

  • Target

    e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135

  • Size

    114KB

  • Sample

    221119-g14edagd97

  • MD5

    1f0e7fc2f3c6da762aaff8ce320bc53f

  • SHA1

    07dac644de588a265856f89aa3926191886dbd75

  • SHA256

    e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135

  • SHA512

    4a6b39cbe1f2b2e0d0298f0a4714b1677032d1a6e200078cd867475c5ee9f11085d2b2888a88aced3f154268bc982e7d6545274b8bbb0c5e180604195f62ad13

  • SSDEEP

    1536:HvRl+Um9yBTwZX2jKZOoAyunJu5DlAferreUpJwC3LNalPTM3QkvF4XmY:Hv7WyB8YjKZT/IJallrkC3LgpMgkvFI

Malware Config

Extracted

Family

pony

C2

http://rockims.com/forum/viewtopic.php

http://saltlakecityutahcommercialrealestate.com/forum/viewtopic.php

http://utahbankownedhomesonline.info/forum/viewtopic.php

http://utahonlinerealestate.com/forum/viewtopic.php

Attributes
  • payload_url

    http://204.12.101.9/GDN.exe

    http://208.112.125.250/nBZVKfVs.exe

    http://support.paladin-ent.com/pU7Ze.exe

    http://servernas.com.au/TzHGU.exe

Targets

    • Target

      e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135

    • Size

      114KB

    • MD5

      1f0e7fc2f3c6da762aaff8ce320bc53f

    • SHA1

      07dac644de588a265856f89aa3926191886dbd75

    • SHA256

      e3534acbc2748eb0790198f8f47127da75b3fac4b822104b650b208d7d7d9135

    • SHA512

      4a6b39cbe1f2b2e0d0298f0a4714b1677032d1a6e200078cd867475c5ee9f11085d2b2888a88aced3f154268bc982e7d6545274b8bbb0c5e180604195f62ad13

    • SSDEEP

      1536:HvRl+Um9yBTwZX2jKZOoAyunJu5DlAferreUpJwC3LNalPTM3QkvF4XmY:Hv7WyB8YjKZT/IJallrkC3LgpMgkvFI

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks