General

  • Target

    b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5

  • Size

    128KB

  • Sample

    221119-hkleasdd3t

  • MD5

    54401043a4ec78d17634414a338b8210

  • SHA1

    281371fc2575307c16652e69fead4ec270001ec1

  • SHA256

    b3252b5fa02fc8cf13e7b5bb8cf8025bb56ff708ba7354f2ecb5fc8a20faa9c5

  • SHA512

    0127cb96b60e369e077a7e5405748cb92cb90900fc9a5f66d3de47d4fdf40d9b4b63b0351fcbcc1f110240ac1c5be3b38a7969a43886ed34adef42019f56b010

  • SSDEEP

    3072:xXa4Y9B9uf8Arg1v861VmsWyT4GEXskfByr2gj+DpJktAJo/D1:DgnmpyT4LXskfByr2tpStF

Malware Config

Extracted

Family

pony

C2

http://angels-mail.com:8080/ponys/gate.php

http://mail.yaklasim.com:8080/ponys/gate.php

http://palmspringsvacationhomerentals.com/ponys/gate.php

http://palmspringsvacationrentalshomes.com/ponys/gate.php

Attributes

  • payload_url

    http://00002fl.rcomhost.com/DCW1grdF.exe

    http://appliedbearings.com/J4s3swS7.exe

    http://myshoppingbusiness.com/uzyf.exe

    http://agwfinanse.pl/Rup.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
