General

  • Target

    e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76

  • Size

    110KB

  • Sample

    221119-g2rrzage36

  • MD5

    2790eacdbdc1091212a81a161f3dca80

  • SHA1

    7c92c6f92e0ce0c044cbed4473071cc3e95277ca

  • SHA256

    e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76

  • SHA512

    fb44f29b43e2ef9bee44c2be40339c698db5c159d00028d63bed4d79c2114973138b03c6191ea75010a98c523a46918ccc920888819f904cedb7ec8e7eec440a

  • SSDEEP

    3072:DONrZMTzWU24zYH0tbgzXeVrN4h5kYZpQT:qFMvW3Yb6E+TnUT

Malware Config

Extracted

Family

pony

C2

http://louievozza.com/forum/viewtopic.php

http://louvozza.com/forum/viewtopic.php

http://lv-contracting.com/forum/viewtopic.php

http://lvconcordecontracting.com/forum/viewtopic.php

Attributes
  • payload_url

    http://akroncantonhalloween.com/ydTQ.exe

    http://www.gungeartogo.socialpacific.com/z3X.exe

    http://66.71.156.136/GFY2.exe

    http://bouncebackonline.com/a69qu.exe

Targets

    • Target

      e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76

    • Size

      110KB

    • MD5

      2790eacdbdc1091212a81a161f3dca80

    • SHA1

      7c92c6f92e0ce0c044cbed4473071cc3e95277ca

    • SHA256

      e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76

    • SHA512

      fb44f29b43e2ef9bee44c2be40339c698db5c159d00028d63bed4d79c2114973138b03c6191ea75010a98c523a46918ccc920888819f904cedb7ec8e7eec440a

    • SSDEEP

      3072:DONrZMTzWU24zYH0tbgzXeVrN4h5kYZpQT:qFMvW3Yb6E+TnUT

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks