General

  • Target

    cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832

  • Size

    119KB

  • Sample

    221119-hbalfagh68

  • MD5

    172deabf680dad439c6bbd1fa15f8040

  • SHA1

    9dccab1ab6100d47f76acdd6d0c1a59c369294a9

  • SHA256

    cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832

  • SHA512

    e987195a41c824823b9e1a2f5c6105e326d933eed5345d7c20431a3ea0d5115aace3e04ec2d9df15dd2f94995e541d8e17f2921d55c7a37cb673cadc1d4ea938

  • SSDEEP

    1536:A9Sxq+gLfnIBrGMvgOLjl/ICtTrwI0q6rHkbX4echbuXh7aMuGTwwrN5m7f4Mnry:A9SUPIdh/wXHuX4eybuBfh7m7pMQ

Malware Config

Extracted

  • Family

    pony

  • C2

    http://forum.xcpus.com:8080/forum/viewtopic.php

    http://playrummyonlineguide.com/forum/viewtopic.php

    http://pokeraffiliatesolutions.co.uk/forum/viewtopic.php

    http://pokercritics.com/forum/viewtopic.php

Attributes

  • payload_url

    http://tvgames.gr/C7kp2.exe

    http://drritakirby.com.au/LS3aG4.exe

    http://www.visitoria.it/yEkkEuPf.exe

    http://tofthilldrivingschool.co.uk/xGyMVGV.exe
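The extracted config above is directly usable for detection. The following is an added example (not part of the sandbox report, not Pony's own code) that matches outbound proxy log lines against the four C2 gates and four payload URLs listed in the config. Pony posts harvested credentials to its gate, so a POST to one of the C2 hosts is treated as a check-in; a fetch of one of the payload executables is treated as a download. The last rule is a hunting heuristic derived from the fact that all four gates in this report share the path /forum/viewtopic.php (a phpBB topic URL); it is an assumption that this pattern generalises, and the log format and log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# IOCs copied verbatim from the "Malware Config" section of the report.
C2_URLS = [
    "http://forum.xcpus.com:8080/forum/viewtopic.php",
    "http://playrummyonlineguide.com/forum/viewtopic.php",
    "http://pokeraffiliatesolutions.co.uk/forum/viewtopic.php",
    "http://pokercritics.com/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://tvgames.gr/C7kp2.exe",
    "http://drritakirby.com.au/LS3aG4.exe",
    "http://www.visitoria.it/yEkkEuPf.exe",
    "http://tofthilldrivingschool.co.uk/xGyMVGV.exe",
]


def _host(url):
    # hostname strips the port (forum.xcpus.com:8080 -> forum.xcpus.com)
    return (urlsplit(url).hostname or "").lower()


C2_HOSTS = {_host(u) for u in C2_URLS}
PAYLOAD_HOSTS = {_host(u) for u in PAYLOAD_URLS}

# Hypothetical proxy access-log layout: "<epoch> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass
class Hit:
    client: str
    url: str
    reason: str


def classify(method, url):
    """Return a detection label for one request, or None if it is not of interest."""
    host = _host(url)
    path = urlsplit(url).path
    if host in C2_HOSTS:
        # Pony uploads stolen credentials with an HTTP POST to the gate script.
        if method == "POST" and path.endswith("/forum/viewtopic.php"):
            return "pony_c2_checkin"
        return "pony_c2_host_contact"
    if host in PAYLOAD_HOSTS and path.lower().endswith(".exe"):
        return "pony_payload_download"
    # Heuristic (assumption, not from the report): a POST to a viewtopic.php
    # gate on a host we have not seen before. Normal browsing of a forum topic
    # is a GET, so restricting to POST keeps the noise down.
    if method == "POST" and path.endswith("/forum/viewtopic.php"):
        return "suspicious_viewtopic_post"
    return None


def scan(lines):
    """Parse log lines and return the hits in order of appearance."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real pipeline would count these
        reason = classify(m["method"], m["url"])
        if reason:
            hits.append(Hit(m["client"], m["url"], reason))
    return hits


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    "1668859200 10.0.0.15 GET http://www.example.com/index.html 200",
    "1668859205 10.0.0.15 GET http://tvgames.gr/C7kp2.exe 200",
    "1668859210 10.0.0.15 POST http://forum.xcpus.com:8080/forum/viewtopic.php 200",
    "1668859215 10.0.0.22 GET http://pokercritics.com/forum/viewtopic.php 200",
    "1668859220 10.0.0.22 POST http://unknown-host.example/forum/viewtopic.php 404",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.client} {h.reason} {h.url}")
```

The host sets, not the full URLs, are what you would push to a blocklist: the gate path is stable across the four C2s, but operators rotate hosts, so matching on the exact URL string alone would miss a gate that moves to a new port or a new subdirectory.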

Targets

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from FTP clients, web browsers and mail clients, posts them to its C2 gates, and can download and run additional executables (the payload_url entries above).

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla, which hold saved server logins.

    • Reads user/profile data of web browsers

      Reads browser profile data, which can include saved credentials, cookies and form history.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Both signatures cover reads of the Outlook account settings stored under the user's mail profile in the registry, where saved mail-server credentials live.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.
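To make the "Reads data files stored by FTP clients" signature concrete, here is an added example (not from the report and not Pony's code) that parses a FileZilla sitemanager.xml the way a stealer would, and then, from the defender's side, lists which entries still have a password on disk. FileZilla keeps saved logins in %APPDATA%\FileZilla\sitemanager.xml (recent connections go to recentservers.xml in the same directory); newer builds write the password base64-encoded with encoding="base64", older builds wrote it as-is, and neither form is encrypted unless the user has set a master password (in which case the element carries encoding="crypt" and is not recoverable without it). The XML below is constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sitemanager.xml with one base64 entry, one legacy plaintext
# entry and one entry without a stored password.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.60.0" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.net</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>webmaster</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Name>Example web host</Name>
    </Server>
    <Server>
      <Host>sftp.example.org</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>deploy</User>
      <Pass>legacy-plaintext</Pass>
      <Name>Old entry</Name>
    </Server>
    <Server>
      <Host>ftp.example.com</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>anonymous</User>
      <Name>No saved password</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def _decode_pass(node):
    """Recover the stored password, or None if absent or protected by a master password."""
    if node is None or not node.text:
        return None
    enc = node.get("encoding")
    if enc == "base64":
        # Encoding is not encryption: anything running as the user can undo this.
        return base64.b64decode(node.text).decode("utf-8", "replace")
    if enc == "crypt":
        return None  # master-password protected; key is not on disk
    return node.text  # legacy builds stored the password verbatim


def extract_sites(xml_text):
    """Return (host, port, user, password) for every saved server entry."""
    root = ET.fromstring(xml_text)
    sites = []
    for srv in root.iter("Server"):
        sites.append(
            (
                srv.findtext("Host"),
                int(srv.findtext("Port", "21")),
                srv.findtext("User"),
                _decode_pass(srv.find("Pass")),
            )
        )
    return sites


def audit(xml_text):
    """Defender view: entries that still carry a recoverable password on disk."""
    return [(host, user) for host, _, user, pw in extract_sites(xml_text) if pw is not None]


if __name__ == "__main__":
    for host, user in audit(SAMPLE_SITEMANAGER):
        print(f"stored password for {user}@{host}")
```

The audit function is the useful half for incident response: after a Pony infection, every entry it returns is a credential that must be treated as compromised and rotated, because the sandbox signature tells you the file was read, not which entries the thief found.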
