General

  • Target

    ea056412fa94acd82b016662cac87d1776d461ed07ef275a968ae53570611a51

  • Size

    123KB

  • Sample

    221119-gyq19sce4x

  • MD5

    368e4e5a79279b3cc47b279f348c7040

  • SHA1

    cc87a1247ed70bffd37fefc35b7c07c127df69c4

  • SHA256

    ea056412fa94acd82b016662cac87d1776d461ed07ef275a968ae53570611a51

  • SHA512

    6ab31175cf1316bf76fccb41a3b1278c5d74a388bfaa3d492b86cb82d849ffc729a43659a4fb97044eef8472deda91dfa2024f5f61f31af7736334eee55cb898

  • SSDEEP

    1536:1hEn9XmhVL+nMqypxgZVfAtjgVQEq77bNXOtPPLUZyOCefu2ZpKMPhf/VraQLBm9:1F1uMqypxMGiQVItPkyH2LKCt2Q9m

Malware Config

Extracted

Family

pony

C2

http://94.32.66.114/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://drpeterson.org/forum/viewtopic.php

http://e21c.com/forum/viewtopic.php

Attributes
  • payload_url

    http://neelkanthtravelsharidwar.com/pt47.exe

    http://gsftrucking.com/wQbJ6.exe

    http://www.orexis-team.gr/Lcb0kR.exe

Targets

    • Target

      ea056412fa94acd82b016662cac87d1776d461ed07ef275a968ae53570611a51

    • Size

      123KB

    • MD5

      368e4e5a79279b3cc47b279f348c7040

    • SHA1

      cc87a1247ed70bffd37fefc35b7c07c127df69c4

    • SHA256

      ea056412fa94acd82b016662cac87d1776d461ed07ef275a968ae53570611a51

    • SHA512

      6ab31175cf1316bf76fccb41a3b1278c5d74a388bfaa3d492b86cb82d849ffc729a43659a4fb97044eef8472deda91dfa2024f5f61f31af7736334eee55cb898

    • SSDEEP

      1536:1hEn9XmhVL+nMqypxgZVfAtjgVQEq77bNXOtPPLUZyOCefu2ZpKMPhf/VraQLBm9:1F1uMqypxMGiQVItPkyH2LKCt2Q9m

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks