General

  • Target

    f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1

  • Size

    137KB

  • Sample

    221120-hvn8yaca46

  • MD5

    32e88ff52de6f79ee1bf70df1257fc6e

  • SHA1

    d7e9178aefa635a2e56d90be2f642b4288ca2d4d

  • SHA256

    f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1

  • SHA512

    e8f2419c3a3a4392bdaa0ab1dbcb26354ee043703ef2ad0ab66d0c1fd7e8937fcb8d2136b119a6ebaf3659899ffc24264f6661344708b582fc7a0d27d3686e66

  • SSDEEP

    3072:5Mjnq2BgLEDVwxotVl6ZWsUP1eY0vMeYq7uPj2npO5ajD37tkDNA:MVl6ZbU9cQT2npOsZkhA

Malware Config

Extracted

Family

pony

C2

http://angels-mail.com:8080/forum/viewtopic.php

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://palmspringscondovacationrentals.com/forum/viewtopic.php

http://luxuryvacationrentalpalmsprings.com/forum/viewtopic.php

Attributes

  • payload_url

    http://www.kgsindia.in/C0eZzx5m.exe

    http://destek.sahrasoft.com/mEcrK.exe

    http://panachetechsolutions.com/xaZ4e.exe

Targets

    • Target

      f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1

    • Size

      137KB

    • MD5

      32e88ff52de6f79ee1bf70df1257fc6e

    • SHA1

      d7e9178aefa635a2e56d90be2f642b4288ca2d4d

    • SHA256

      f5e5c1841e1abe72d22fc1b595aaaeded95a5b5ff8b294a5d839ffcbf24057d1

    • SHA512

      e8f2419c3a3a4392bdaa0ab1dbcb26354ee043703ef2ad0ab66d0c1fd7e8937fcb8d2136b119a6ebaf3659899ffc24264f6661344708b582fc7a0d27d3686e66

    • SSDEEP

      3072:5Mjnq2BgLEDVwxotVl6ZWsUP1eY0vMeYq7uPj2npO5ajD37tkDNA:MVl6ZbU9cQT2npOsZkhA

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks