General

  • Target

    ee8d6ad858e26f2cd74a4e33a098dcfbc63cfbf2d3ffb71708ba9889d0e7c150

  • Size

    122KB

  • Sample

    221119-gw2d8agc43

  • MD5

    5d2753ec7cf7f213d0fc8cdaca5e5d45

  • SHA1

    7684ccce31d06b64d7d9ac379c0174454e250ee8

  • SHA256

    ee8d6ad858e26f2cd74a4e33a098dcfbc63cfbf2d3ffb71708ba9889d0e7c150

  • SHA512

    f05f1cdc5ca02754951f2dfcdd0a4c0b6ba3957930ad905b6ae6139ca38b2f6c36ef5959347de1f6ae0bfb8b0e690095999359b70026216c2703f1b4bd92b1ef

  • SSDEEP

    3072:CX3Ni6RfnmYcG2tf7AiMVGzUNpGlbs7/fJPlBvhp:CX9nJYtz/MVn2S7nB

Malware Config

Extracted

Family

pony

C2

http://ochengorit.ru/pizda/gate.php

Attributes
  • payload_url

    http://zemljane.far.ru/N1X.exe

    http://parrocchiadiuopini.it/ZrktExKQ.exe

    http://ftp.licenter.org/xUceFk.exe

Targets

    • Target

      ee8d6ad858e26f2cd74a4e33a098dcfbc63cfbf2d3ffb71708ba9889d0e7c150

    • Size

      122KB

    • MD5

      5d2753ec7cf7f213d0fc8cdaca5e5d45

    • SHA1

      7684ccce31d06b64d7d9ac379c0174454e250ee8

    • SHA256

      ee8d6ad858e26f2cd74a4e33a098dcfbc63cfbf2d3ffb71708ba9889d0e7c150

    • SHA512

      f05f1cdc5ca02754951f2dfcdd0a4c0b6ba3957930ad905b6ae6139ca38b2f6c36ef5959347de1f6ae0bfb8b0e690095999359b70026216c2703f1b4bd92b1ef

    • SSDEEP

      3072:CX3Ni6RfnmYcG2tf7AiMVGzUNpGlbs7/fJPlBvhp:CX9nJYtz/MVn2S7nB

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks