General

  • Target

    88415a4a3370cfb5351044cf69c1652ee196cfb31793eac350be3ce0fe7f4980

  • Size

    120KB

  • Sample

    221120-j4shdsdg68

  • MD5

    32cf05a83614c5461f528301885c2447

  • SHA1

    884e875c855332cea468e94459d81668e3150be8

  • SHA256

    88415a4a3370cfb5351044cf69c1652ee196cfb31793eac350be3ce0fe7f4980

  • SHA512

    4e78e5b25e93ae9c9a43d8f7641ddb18247658498a0b2cf4f5e9446b3715548c4c82dbf1d434fc240f6894502baac04c873334776a5118902389519c64a57ca1

  • SSDEEP

    768:vGF0DdiwNm8vBYKPkuUsb8fDRN+UPV9jRv0mwnlBg80W8Cj1:v9ddNlhklsAPjv0mw88D8Cj

Malware Config

Extracted

  • Family

    pony

  • C2

    http://www.abogadosiriarte.com/resp.php

    http://www.azucarnatural.com/resp.php

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6