General

  • Target

    ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49

  • Size

    134KB

  • Sample

    221119-gxaynagc53

  • MD5

    44010795b72aa4191ad1125989df6b34

  • SHA1

    f60092d29ff893ff7b4e795ac4ad43a57e8601d3

  • SHA256

    ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49

  • SHA512

    a790b18a8024a6e3471138bbf58ffc25b79dc1d7e70aa92eb129616e69ae8a4d34807000c9690eeef1cca3dcba55a2c3d5c3ebf302d8e6fa356dfffcff490483

  • SSDEEP

    3072:3ZZ3rS8LrzDFLIx/HW8pppQqHKsr9WIWbYm:zS8LrzDFk9tppPHKsr9XW8

Malware Config

Extracted

Family

pony

C2

http://116.122.158.195:8080/ponys/gate.php

http://10healthynails.com/ponys/gate.php

http://advprintgraphics.com/ponys/gate.php

http://alabamaelectricalservice.net/ponys/gate.php

Attributes
  • payload_url

    http://worldcompass.info/GtX8kntz.exe

    http://02c7bdc.netsolhost.com/bfMXS.exe

    http://www.mariassunta.it/S7tZpa.exe

    http://207.204.5.170/D58t2VN.exe

Targets

    • Target

      ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49

    • Size

      134KB

    • MD5

      44010795b72aa4191ad1125989df6b34

    • SHA1

      f60092d29ff893ff7b4e795ac4ad43a57e8601d3

    • SHA256

      ede92c92a84085506b0c7c75643017f520c11faeab53c1b3de9cdff3271a6e49

    • SHA512

      a790b18a8024a6e3471138bbf58ffc25b79dc1d7e70aa92eb129616e69ae8a4d34807000c9690eeef1cca3dcba55a2c3d5c3ebf302d8e6fa356dfffcff490483

    • SSDEEP

      3072:3ZZ3rS8LrzDFLIx/HW8pppQqHKsr9WIWbYm:zS8LrzDFk9tppPHKsr9XW8

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks