General

  • Target

    dfb8d11d3d42d96369016f33b4e72996b0ddc4352a33144c87b7082f5e3b37b1

  • Size

    116KB

  • Sample

    221120-h5xytsff7x

  • MD5

    5154e2284c8c796201e94de0718111e1

  • SHA1

    2ad42c62a0d9b638bf10d6797f23c7bcff085691

  • SHA256

    dfb8d11d3d42d96369016f33b4e72996b0ddc4352a33144c87b7082f5e3b37b1

  • SHA512

    3a507420778a67106d15474cfb63be38fa3389315772f8d45bdc6c7dc406da539c79119fb8923c684579ab23eccbf4c124bea8fd12ca9d9003c6fc463b40eeaf

  • SSDEEP

    3072:6QSgSSwzZjO7xqqgk1zpW1G+zcqOUv9b:L2uxqqgqziYqOyZ

Malware Config

Extracted

Family

pony

C2

http://oliviagurun.com/forum/viewtopic.php

http://onecable.ca/forum/viewtopic.php

http://onlyidea.com/forum/viewtopic.php

http://originalpizzaplus.ca/forum/viewtopic.php

Attributes
  • payload_url

    http://raylan.com/ejQ88c.exe

    http://chipconveyors.co.in/MTRUvt.exe

    http://www.hvh-immo.de/YcA3S.exe

    http://www.challengersudoku.info/U126RZ.exe

Targets

    • Target

      dfb8d11d3d42d96369016f33b4e72996b0ddc4352a33144c87b7082f5e3b37b1

    • Size

      116KB

    • MD5

      5154e2284c8c796201e94de0718111e1

    • SHA1

      2ad42c62a0d9b638bf10d6797f23c7bcff085691

    • SHA256

      dfb8d11d3d42d96369016f33b4e72996b0ddc4352a33144c87b7082f5e3b37b1

    • SHA512

      3a507420778a67106d15474cfb63be38fa3389315772f8d45bdc6c7dc406da539c79119fb8923c684579ab23eccbf4c124bea8fd12ca9d9003c6fc463b40eeaf

    • SSDEEP

      3072:6QSgSSwzZjO7xqqgk1zpW1G+zcqOUv9b:L2uxqqgqziYqOyZ

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks