General

  • Target

    5e13976ab8a764b42462cb025e6cdef407b3e2f9268b776621bb6625a9d59abb

  • Size

    91KB

  • Sample

    221120-e3sdsaba5y

  • MD5

    33906afb2c708f8131e8be587a402e90

  • SHA1

    0051e5da6019d5fa72e5205efcd6d8cfded93a49

  • SHA256

    5e13976ab8a764b42462cb025e6cdef407b3e2f9268b776621bb6625a9d59abb

  • SHA512

    e738c40231f25cb5ffa31fda84fd568eada664bace5811eef3b22d49d18298202fe2964d5a36b1cc38524b24f7756c3f16759c84a8a3c91237cb84afd756e695

  • SSDEEP

    1536:HLJqW7HNpQ4qTBl7Mf59CfLMvM352lmz2ROCcnTvHkzb//P:r8stG4CfYvE54ROC5//P

Malware Config

Extracted

Family

pony

C2

http://TelevisionHunter.com/pizda/gate.php

Attributes
  • payload_url

    http://damp.pro/edZ4au.exe

    http://parrocchiadiuopini.it/ZrktExKQ.exe

    http://lobbyarkansas.com/q5CV.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6