General

  • Target: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
  • Size: 129KB
  • Sample: 221119-gvtmzscd3t
  • MD5: 418280a69f4f9f7363dbd400d1531270
  • SHA1: 83f5adf3852f8d89853be01c5c314c210035dd20
  • SHA256: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
  • SHA512: 378aa0c26c3ed3e44e947a7b83cd336b5bb243b5177e49b0604aeba5977bf76dfa41d3efa41003baf713576632a96bef01e0fdcdbe2d7102ec19dbe4f1c7ce92
  • SSDEEP: 1536:XR+mzRKklUFgYnNXopHZNk+itc5Vcg+vgV1K+ucUgewhj+kilpKncMNfmVejEvwr:XoIENzcjfK+9UWjt2Yncq6E1j/

Malware Config

Extracted

  • Family: pony
  • C2:
    http://mail.yaklasim.com:8080/forum/viewtopic.php
    http://116.122.158.195:8080/forum/viewtopic.php
    http://snorerxcouponcode.org/forum/viewtopic.php
    http://snorerxreviews.info/forum/viewtopic.php
  • Attributes
    payload_url:
    http://metrologico.gr/oDrSGj.exe
    http://www.whyabout.com/1LNJ8PMt.exe
    http://repro2go.com/QLQ5kL8.exe

Targets

    • Target: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
    • Size: 129KB
    • MD5: 418280a69f4f9f7363dbd400d1531270
    • SHA1: 83f5adf3852f8d89853be01c5c314c210035dd20
    • SHA256: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
    • SHA512: 378aa0c26c3ed3e44e947a7b83cd336b5bb243b5177e49b0604aeba5977bf76dfa41d3efa41003baf713576632a96bef01e0fdcdbe2d7102ec19dbe4f1c7ce92
    • SSDEEP: 1536:XR+mzRKklUFgYnNXopHZNk+itc5Vcg+vgV1K+ucUgewhj+kilpKncMNfmVejEvwr:XoIENzcjfK+9UWjt2Yncq6E1j/

    • Pony,Fareit
      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks