General

  • Target

    c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19

  • Size

    109KB

  • Sample

    221119-hd5vcsha86

  • MD5

    451ee83ee11df08bbe0b0a13299cdc3c

  • SHA1

    8c8e066dd3ffc3cda915a64ce6119b95872d8d91

  • SHA256

    c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19

  • SHA512

    c3f1804be64c315b2a2b9728dbf912d5b031251160d0d8a686d86f10ab28fe6272c29f52bca817b3021d230ab0ab2fa966c73a910a1b842fdc61a822c17f78c0

  • SSDEEP

    1536:kKDu5dVimMvJEKrVUhRvC5UtWquTrlcp3caCD9wjGClQ00nWziGb3CiI0saiLPC1:k0uPViJ6KWaUt22vCA10nWziG+HH52

Malware Config

Extracted

Family

pony

C2

http://joycethomasdermathensga.info/forum/viewtopic.php

http://jthomasmddermathensga.com/forum/viewtopic.php

http://mcontrerasrealty.com/forum/viewtopic.php

http://e-babybooks.com/forum/viewtopic.php

Attributes

  • payload_url

    http://test.lmpferrara.com/hfpRY.exe

    http://palmsodyssey.org/GR7j.exe

    http://jumpsuit.se/K8WMa.exe

    http://207.57.251.143/zxiso3xP.exe

Targets

    • Target

      c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19

    • Size

      109KB

    • MD5

      451ee83ee11df08bbe0b0a13299cdc3c

    • SHA1

      8c8e066dd3ffc3cda915a64ce6119b95872d8d91

    • SHA256

      c287c5e2760d1b248a900af378d4c3a9322c3298fb8fe4298f7ecd565e7d5e19

    • SHA512

      c3f1804be64c315b2a2b9728dbf912d5b031251160d0d8a686d86f10ab28fe6272c29f52bca817b3021d230ab0ab2fa966c73a910a1b842fdc61a822c17f78c0

    • SSDEEP

      1536:kKDu5dVimMvJEKrVUhRvC5UtWquTrlcp3caCD9wjGClQ00nWziGb3CiI0saiLPC1:k0uPViJ6KWaUt22vCA10nWziG+HH52

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks