General

  • Target

    82de558b4b23bb435649e7e337d9aa2730b1030d7cb5db57bbcfaf720c1d6b9b

  • Size

    112KB

  • Sample

    221120-j64cnshc51

  • MD5

    46df6704acfbd42904279f0e51bfe919

  • SHA1

    8bbca04bd6c98f27e5a43372f79f41661efdd0b8

  • SHA256

    82de558b4b23bb435649e7e337d9aa2730b1030d7cb5db57bbcfaf720c1d6b9b

  • SHA512

    e489422cea7135e686b9653b8c973500ab912a88ff1e09eae0d49f328049dbd41673f40f950e4c77b8508c143f313b8cd94ed6c9961e59791824bbf03438a3a2

  • SSDEEP

    3072:iY1A8cxh/pmkEEBvWG06sZLxeV8/iAYIkiy9glhia:mRmKBvueCPYIkn9C

Malware Config

Extracted

Family

pony

C2

http://londonleatherusa.com/forum/viewtopic.php

http://luggage-tv.com/forum/viewtopic.php

http://luggagecast.com/forum/viewtopic.php

http://luggagejc.com/forum/viewtopic.php

Attributes
  • payload_url

    http://www.chs76ers.org/f9bszz5.exe

    http://diver-station.com.tw/DpBSrKJ.exe

    http://mulberry.com.hk/ZB1h.exe

    http://pdisb.net/s6Z2PSa.exe

Targets

    • Target

      82de558b4b23bb435649e7e337d9aa2730b1030d7cb5db57bbcfaf720c1d6b9b

    • Size

      112KB

    • MD5

      46df6704acfbd42904279f0e51bfe919

    • SHA1

      8bbca04bd6c98f27e5a43372f79f41661efdd0b8

    • SHA256

      82de558b4b23bb435649e7e337d9aa2730b1030d7cb5db57bbcfaf720c1d6b9b

    • SHA512

      e489422cea7135e686b9653b8c973500ab912a88ff1e09eae0d49f328049dbd41673f40f950e4c77b8508c143f313b8cd94ed6c9961e59791824bbf03438a3a2

    • SSDEEP

      3072:iY1A8cxh/pmkEEBvWG06sZLxeV8/iAYIkiy9glhia:mRmKBvueCPYIkn9C

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks