General

  • Target

    b77a4ea429b9821fa5f87355984c76445a6b7d23d50f315cc9aed4aeaa7ae332

  • Size

    119KB

  • Sample

    221120-etbpnsae9w

  • MD5

    3def78748e737a5e108a3cd7c66f97b0

  • SHA1

    ccd472b4e521f295fea5907833211c8298044f21

  • SHA256

    b77a4ea429b9821fa5f87355984c76445a6b7d23d50f315cc9aed4aeaa7ae332

  • SHA512

    bf293a7891bcfed3ce3e8a86b56a8a5bb5810a7716ce753bf89d2a7717b9cf7c01e7190e0500b81d260fcafc6296abf2247076494466c777975e71c1e91c51af

  • SSDEEP

    3072:xL8t3BDUvJ2ngqlpr3W1v+tkQMoeOTDZq23FJUH2:RCxDs8n9rLWUkQMoPj3EH2

Malware Config

Extracted

Family

pony

C2

http://ochengorit.ru/pizda/gate.php

Attributes
  • payload_url

    http://zemljane.far.ru/N1X.exe

    http://parrocchiadiuopini.it/ZrktExKQ.exe

    http://ftp.licenter.org/xUceFk.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks