General

  • Target: cc6c4807522f03e6125df957a6e9f30ff757ac83f991bae215f619bc7b4b1ec5
  • Size: 107KB
  • Sample: 221120-gj8b1aab55
  • MD5: 50a62244a66685b5aa36ed7621db7310
  • SHA1: d25d973613fb0a3f6e36a999c106a16734a14c3a
  • SHA256: cc6c4807522f03e6125df957a6e9f30ff757ac83f991bae215f619bc7b4b1ec5
  • SHA512: 529688b81017cc0d29d4071802efd3c02d3dc947b7b6d07c8bf276d7721ba8d0d3070600bea5324b638dde362f8e4781f7250c650a47599a2d97dddec716bce8
  • SSDEEP: 3072:2EUVSf/NitczHhlPQpl6LSt3p77hk6Na:5itczHUqLSP7R

Malware Config

Extracted

  • Family: pony
  • C2:
      http://customkids.com/forum/viewtopic.php
      http://dharmaking.info/forum/viewtopic.php
      http://dharmaking.net/forum/viewtopic.php
      http://dharmaking.org/forum/viewtopic.php
  • Attributes
      payload_url:
        http://ftp.yoshinkan.cz/8QKj6pN.exe
        http://cryptonx.gr/Dua.exe
        http://noibait2.blue-or-green.net/SM5.exe
        http://intergalactic-hq.com/La0Z.exe

Targets

    • Pony, Fareit
      Pony is a Remote Access Trojan application that steals information.
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Drops file in System32 directory
