General

  • Target

    ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795

  • Size

    91KB

  • Sample

    221119-gpsthacb2v

  • MD5

    14fabac08e26bd72ca56c97be179cde0

  • SHA1

    2ba166a31140c8a34ef941e38094cded8024abb1

  • SHA256

    ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795

  • SHA512

    b74543cdc27d3470d27f4dfa5b513fac3fba2d9c49cea114f68602564360839c0bee3329bdc9008da3c292d677787998b85157fb045d0c25072c4c68e4e4838c

  • SSDEEP

    1536:uMlYx8d722f/BH7ECuQkKRfkkhFNnUBot/TCZn5p76zmKlYCn7KOpaYdfo7uPIbQ:uEAs2Y7EskKBkcXnCg7M5p7SmTcKIFoK

Malware Config

Extracted

Family

pony

C2

http://gooderix.info:9135/pic/fly.php

http://vooderax.info:9135/pic/fly.php

Targets

    • Target

      ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795

    • Size

      91KB

    • MD5

      14fabac08e26bd72ca56c97be179cde0

    • SHA1

      2ba166a31140c8a34ef941e38094cded8024abb1

    • SHA256

      ff3f2f9c57aacff23d60e103dbc34349890b40ddb5ce1c5a4f6283d0942a7795

    • SHA512

      b74543cdc27d3470d27f4dfa5b513fac3fba2d9c49cea114f68602564360839c0bee3329bdc9008da3c292d677787998b85157fb045d0c25072c4c68e4e4838c

    • SSDEEP

      1536:uMlYx8d722f/BH7ECuQkKRfkkhFNnUBot/TCZn5p76zmKlYCn7KOpaYdfo7uPIbQ:uEAs2Y7EskKBkcXnCg7M5p7SmTcKIFoK

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks