General

  • Target

    d374edd3b511521ef321aed1796d09ba0f2ed3f367e516d206ecd63842df7eae

  • Size

    128KB

  • Sample

    221119-g8bpbsgg53

  • MD5

    2c3f026643fcbc0e987fbae15926eb70

  • SHA1

    82a9ca289759bf56ec0eca5dbd839b2c723b2dee

  • SHA256

    d374edd3b511521ef321aed1796d09ba0f2ed3f367e516d206ecd63842df7eae

  • SHA512

    fc6772e9e4dacc32104ca7edafe61f0eaf899c629a5be050f2d8bfb867f80d13e5111c56b38f468f6346dfa19eb6a21f8af5db0d903249188c06b7c7448fd0ec

  • SSDEEP

    3072:FtyXTo5m/WBe27447SRYeaWJryGDs/1TR5Feb96/wRLWUQyOn9:447SRla/GuD5sb96rUQyOn

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/ponyz/gate.php

http://andlettherebelight.com/ponyz/gate.php

http://firepointmedia.net/ponyz/gate.php

http://graphicspecialistsgroup.com/ponyz/gate.php

Attributes
  • payload_url

    http://paperlesscontact.com/EzGhUN.exe

    http://1726308.sites.myregisteredsite.com/9ZsS.exe

    http://rigbers.de/sSJex.exe
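The extracted config gives exact C2 gates and payload URLs, which is what a hunter pushes into proxy-log review. The script below is an added example, not part of the sandbox report: it normalizes the indicators from the Malware Config section to (host, port, path) so that case, the explicit :8080 port and trailing query strings do not break a match, then scans Squid-style access-log lines. The log lines are constructed, the Squid layout is an assumption, and the extra heuristic (any POST to a gate.php on an unlisted host) is an assumption of the example that will also fire on other panel-based families.

```python
"""Hunt proxy access logs for the Pony C2 gates and payload URLs extracted
in this report.  Added example, not part of the sandbox report; the log
lines are constructed and the Squid-style log layout is an assumption."""
import re
from urllib.parse import urlsplit

# Indicators taken from the Malware Config section of the report.
C2_URLS = [
    "http://mail.yaklasim.com:8080/ponyz/gate.php",
    "http://andlettherebelight.com/ponyz/gate.php",
    "http://firepointmedia.net/ponyz/gate.php",
    "http://graphicspecialistsgroup.com/ponyz/gate.php",
]
PAYLOAD_URLS = [
    "http://paperlesscontact.com/EzGhUN.exe",
    "http://1726308.sites.myregisteredsite.com/9ZsS.exe",
    "http://rigbers.de/sSJex.exe",
]

def normalize(url):
    """Reduce a URL to (host, port, path) so log entries match the indicator
    regardless of host case, default ports or query strings."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname or "").lower(), port, p.path or "/"

IOC_INDEX = {normalize(u): "pony_c2" for u in C2_URLS}
IOC_INDEX.update({normalize(u): "pony_payload" for u in PAYLOAD_URLS})

# Squid native access.log: time elapsed client code/status bytes method URL ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

def classify(method, url):
    """Exact indicator match first; otherwise a heuristic (assumption of this
    example) for panel-style beacons: a POST to any gate.php."""
    key = normalize(url)
    if key in IOC_INDEX:
        return IOC_INDEX[key]
    if method == "POST" and key[2].endswith("/gate.php"):
        return "gate_php_post_heuristic"
    return None

def hunt(lines):
    """Return (timestamp, client, label, url) for every matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m["method"], m["url"])
        if label:
            hits.append((m["ts"], m["client"], label, m["url"]))
    return hits

# Constructed log lines (not from the sandbox run): a beacon to a listed gate
# on the non-default port, a payload fetch, a benign request, a gate.php POST
# to an unlisted host, and a beacon with odd host case plus a query string.
SAMPLE_LOG = """\
1668816000.101     45 10.0.0.5 TCP_MISS/200 612 POST http://mail.yaklasim.com:8080/ponyz/gate.php - HIER_DIRECT/203.0.113.10 text/html
1668816003.412    310 10.0.0.5 TCP_MISS/200 131072 GET http://paperlesscontact.com/EzGhUN.exe - HIER_DIRECT/203.0.113.11 application/octet-stream
1668816010.007     20 10.0.0.9 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1668816015.550     50 10.0.0.7 TCP_MISS/200 400 POST http://203.0.113.55/panel/gate.php - HIER_DIRECT/203.0.113.55 text/html
1668816020.900     48 10.0.0.5 TCP_MISS/200 600 POST http://FIREPOINTMEDIA.NET:80/ponyz/gate.php?id=1 - HIER_DIRECT/203.0.113.12 text/html
""".splitlines()

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(*hit)
```

Exact matches on the listed hosts are high confidence; the gate.php heuristic is a triage lead only and should be reviewed against the client host's other activity before it is treated as a Pony infection.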

Targets

    • Target

      d374edd3b511521ef321aed1796d09ba0f2ed3f367e516d206ecd63842df7eae

    • Size

      128KB

    • MD5

      2c3f026643fcbc0e987fbae15926eb70

    • SHA1

      82a9ca289759bf56ec0eca5dbd839b2c723b2dee

    • SHA256

      d374edd3b511521ef321aed1796d09ba0f2ed3f367e516d206ecd63842df7eae

    • SHA512

      fc6772e9e4dacc32104ca7edafe61f0eaf899c629a5be050f2d8bfb867f80d13e5111c56b38f468f6346dfa19eb6a21f8af5db0d903249188c06b7c7448fd0ec

    • SSDEEP

      3072:FtyXTo5m/WBe27447SRYeaWJryGDs/1TR5Feb96/wRLWUQyOn9:447SRla/GuD5sb96rUQyOn

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan. It harvests saved credentials from FTP clients, web browsers and e-mail clients, reports them to the gate.php C2 panels listed above, and can download and execute additional payloads such as the payload_url entries in this config.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, which store saved server logins.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and session cookies.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
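The signatures above (FTP client configuration, browser profile data, Outlook profiles, Uninstall-key enumeration) are individually noisy but rarely co-occur in one benign process. The script below is an added example, not part of the sandbox report: it categorizes per-process file and registry access events and flags a process that touches two or more categories, so a legitimate FTP client reading its own config is not flagged while a stealer sweeping all four is. The events are constructed, and the concrete paths and registry keys are assumptions about what each signature looks for.

```python
"""Correlate per-process file and registry access events into the
credential-harvesting pattern listed in the Targets section: FTP client
configuration, browser credential stores, Outlook profiles and
Uninstall-key enumeration.  Added example, not part of the sandbox
report; the events are constructed, and the concrete paths and keys are
assumptions about what each signature looks for."""
import re
from collections import defaultdict

# Category -> regexes over the accessed file path or registry key.
# Paths and keys are assumptions (typical locations), not taken from the report.
CATEGORIES = {
    "ftp_client_config": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
        r"\\WinSCP\.ini$",
    ],
    "browser_credentials": [
        r"\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|signons\.sqlite)$",
    ],
    "outlook_profiles": [
        r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles",
        r"^HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles",
    ],
    "software_enumeration": [
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    ],
}
COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats] for cat, pats in CATEGORIES.items()}

def categorize(target):
    """Return the category an accessed path or key falls into, or None."""
    for cat, pats in COMPILED.items():
        if any(p.search(target) for p in pats):
            return cat
    return None

def correlate(events, min_categories=2):
    """events: iterable of (pid, image, target).  A process is flagged when it
    touches at least min_categories distinct categories; returns
    {pid: (image, sorted category list)}."""
    cats_by_pid = defaultdict(set)
    image_by_pid = {}
    for pid, image, target in events:
        cat = categorize(target)
        if cat:
            cats_by_pid[pid].add(cat)
            image_by_pid[pid] = image
    return {pid: (image_by_pid[pid], sorted(cats))
            for pid, cats in cats_by_pid.items() if len(cats) >= min_categories}

# Constructed events (pid, image, accessed path or key); not from the sandbox run.
STEALER = r"C:\Users\victim\AppData\Local\Temp\EzGhUN.exe"
EVENTS = [
    (4012, STEALER, r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4012, STEALER, r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (4012, STEALER, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4012, STEALER, r"HKCU\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook"),
    (4012, STEALER, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleProduct"),
    # A real FTP client reading its own config hits one category only.
    (1388, r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (2200, r"C:\Windows\explorer.exe", r"C:\Users\victim\Documents\report.docx"),
]

if __name__ == "__main__":
    for pid, (image, cats) in correlate(EVENTS).items():
        print(pid, image, ", ".join(cats))
```

Feed it Sysmon event ID 11 (file create) plus 12/13 (registry) records, or a sandbox's file and registry traces, after mapping each record to (pid, image, target). Raising min_categories to 3 trades recall for fewer false positives from backup or migration tools that legitimately read browser and mail profiles.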
