General

  • Target

    8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14

  • Size

    137KB

  • Sample

    221120-j51v6adg96

  • MD5

    3634850f4a0042a1746c5f5766a6d770

  • SHA1

    ed10948770ccef4d54ac417d089eb66829b4d9b3

  • SHA256

    8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14

  • SHA512

    ba4940dbc580431c099a8c567987bb658a77e1c43ccb013df5ff1e39080bedae4535a7edd233fbeb38f119277dc08a3d25f1332dce2f97e595c3a847ab38f4e2

  • SSDEEP

    3072:91Jh2TyD7gFC7EmJn4y2CvqhXrN+8WvxT9ExKfmhAponQ7Gi7WL3e:PvENcxq82nQNKS

Malware Config

Extracted

Family

pony

C2

http://angels-mail.com:8080/forum/viewtopic.php

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://hollywoodhillscondos.com/forum/viewtopic.php

http://housesforrentinpalmspringsca.com/forum/viewtopic.php

Attributes
  • payload_url

    http://embeddedcoaching.org/KbTsFC.exe

    http://www.younielawnscapes.com/it6.exe

    http://files.seventilmidnight.com/ymQaMUe.exe

Targets

    • Target

      8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14

    • Size

      137KB

    • MD5

      3634850f4a0042a1746c5f5766a6d770

    • SHA1

      ed10948770ccef4d54ac417d089eb66829b4d9b3

    • SHA256

      8541aa3308d13485e05e1cf3e107c53a3d6688053960db61e2cde6c1c8e14b14

    • SHA512

      ba4940dbc580431c099a8c567987bb658a77e1c43ccb013df5ff1e39080bedae4535a7edd233fbeb38f119277dc08a3d25f1332dce2f97e595c3a847ab38f4e2

    • SSDEEP

      3072:91Jh2TyD7gFC7EmJn4y2CvqhXrN+8WvxT9ExKfmhAponQ7Gi7WL3e:PvENcxq82nQNKS

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks