General

  • Target

    f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec

  • Size

    114KB

  • Sample

    221120-hvnmeafc6z

  • MD5

    5ffcfd97b9ec7376434768edb2914a69

  • SHA1

    47aa9e31ee3d94aff9416fedadd39c895fd61ffa

  • SHA256

    f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec

  • SHA512

    b6915fdac708f4dd69e437b174afb0d78008c71f01abb2f51647fb813572f7a504425a930e3a72bcb2dd6066b7480f6fefeb553158124332e00f526229859fb7

  • SSDEEP

    3072:oLg0wcuDOLBfD9T5O2c0PWVz+y/Z4F+X:IuDCZI2cAWDZ4o

Malware Config

Extracted

Family

pony

C2

http://checkpointluggage.com/ponyb/gate.php

http://clotheswalla.com/ponyb/gate.php

http://consumerluggage.com/ponyb/gate.php

http://coolstowage.com/ponyb/gate.php

Attributes
  • payload_url

    http://ebaa.daa.jp/A8HFWqy.exe

    http://www.ekko-snakker.de/n9m.exe

    http://fanpageserver.info/PhFJ.exe

    http://hakata-ekimae.biz/YyJYqg.exe

Targets

    • Target

      f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec

    • Size

      114KB

    • MD5

      5ffcfd97b9ec7376434768edb2914a69

    • SHA1

      47aa9e31ee3d94aff9416fedadd39c895fd61ffa

    • SHA256

      f5f33ce8b0548deecd5aa4ba3d1e6df6a88ada03c67d68b1bce6b7fbe32c32ec

    • SHA512

      b6915fdac708f4dd69e437b174afb0d78008c71f01abb2f51647fb813572f7a504425a930e3a72bcb2dd6066b7480f6fefeb553158124332e00f526229859fb7

    • SSDEEP

      3072:oLg0wcuDOLBfD9T5O2c0PWVz+y/Z4F+X:IuDCZI2cAWDZ4o

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks