General

  • Target: d14618698b17b5a866533601bf977d1e796e0cc1e9bd7ac7cae11a6b0d0c99b3
  • Size: 114KB
  • Sample: 221119-g84p4sch7s
  • MD5: 1d24ddf4a27d6d77ddc4ae4f36edd3c0
  • SHA1: 6eb754498e5909b9ad7a036b86bb11f8cf41b4dd
  • SHA256: d14618698b17b5a866533601bf977d1e796e0cc1e9bd7ac7cae11a6b0d0c99b3
  • SHA512: c5da8c3eb7fb1d6ee41b1f6ea3e2ec1db251337b710136bc61c33305ae840a979fe3ce2c0457cdc67c05b0c52cdda3ff2a517ccffd5cefd8844f1d04d4b8c7e2
  • SSDEEP: 3072:n6vbeKNc+XdOU8Xu95s/GwP5PieyCiLeLImyv6nzCtKIpQAkk:nY8U8+nsVhPqCiLe8LvAzxjk

Malware Config

Extracted

Family: pony

C2
  • http://rippedtrainer.com/forum/viewtopic.php
  • http://subprimemortgage.us/forum/viewtopic.php
  • http://inflectionism.com/forum/viewtopic.php
  • http://waltwhitman150.org/forum/viewtopic.php

Attributes
  • payload_url
    • http://test.lmpferrara.com/6gsgXBfC.exe
    • http://www.anipi-emiliaromagna.it/cPd7p9TV.exe
    • http://jumpsuit.se/tcLub6.exe
    • http://solhis.net/b2oix6.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks