General

  • Target: cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0
  • Size: 134KB
  • Sample: 221119-ha37csgh62
  • MD5: 52a3b48bb3dffdf5ee359c2d274393e0
  • SHA1: 6265834250b17881eac4583dbaff63ad75827702
  • SHA256: cc0b4411441d9c33052aebd95d8d44d5e359fe8ddf3c04d90474da6bc27056d0
  • SHA512: 271c47cc35430abadf3b920161b622986a5800c6b2ae8ecbcf5df4f9f8fa25cf893779138aa7d5118bb52d32e52a17aeb25ed3f9c8b71dfa7c5360b82a497b39
  • SSDEEP: 3072:Z5Nr7WXryG4k79fci49+zSSWJlRPFFMQ+GaW+9RY/4:vNXZMxcbEcPLMwt

Malware Config

Extracted

  • Family: pony
  • C2:
    http://116.122.158.195:8080/ponyf/gate.php
    http://mail.yaklasim.com:8080/ponyf/gate.php
    http://customer-smart-now.com/ponyf/gate.php
    http://customer-smart-now.net/ponyf/gate.php
  • Attributes
    • payload_url:
      http://crenail.de/9SvYM.exe
      http://eclay.netwiz.net/hgXV.exe
      http://markus-schmidt-online.net/rrh2n.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs such as FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks