General

  • Target

    81faba385e257aadeeec5f13b11061fd5aa40255994447a9f269f3ed14f479d7

  • Size

    114KB

  • Sample

    221120-j7gkashc6x

  • MD5

    26103234918d2338e7754dd381b41c70

  • SHA1

    adf66d856a3e6269e8d3d82f9ffe4b0ca8379bc9

  • SHA256

    81faba385e257aadeeec5f13b11061fd5aa40255994447a9f269f3ed14f479d7

  • SHA512

    8d28791ba374015481823d6dddfde823be165338c05d88ba5b1da1a0f2f9f0ba54d5977fdf5c81e2555c9783b9a61569ce6bdaca414c57377a07bdf1e943550d

  • SSDEEP

    3072:PHZG+XlIyxzsberHxw8jRBkzSRAzXJeDLwi2meaiXrjeBNZgih:8yxfwEB1iZ+LNl7iXOBNZgi

Malware Config

Extracted

Family

pony

C2

http://checkpointfriendlybusinesscases.com/forum/viewtopic.php

http://checkpointfriendlylaptopcases.com/forum/viewtopic.php

http://checkpointfriendlytravelaccessories.com/forum/viewtopic.php

http://checkpointluggage.com/forum/viewtopic.php

Attributes
  • payload_url

    http://www.mbbd.it/4zZ.exe

    http://win.centrostudiathena.com/32qr.exe

    http://www.red-devil-fashion.de/mwK8RY6.exe

    http://grandns.net/WFHqQ0t1.exe

Targets

    • Target

      81faba385e257aadeeec5f13b11061fd5aa40255994447a9f269f3ed14f479d7

    • Size

      114KB

    • MD5

      26103234918d2338e7754dd381b41c70

    • SHA1

      adf66d856a3e6269e8d3d82f9ffe4b0ca8379bc9

    • SHA256

      81faba385e257aadeeec5f13b11061fd5aa40255994447a9f269f3ed14f479d7

    • SHA512

      8d28791ba374015481823d6dddfde823be165338c05d88ba5b1da1a0f2f9f0ba54d5977fdf5c81e2555c9783b9a61569ce6bdaca414c57377a07bdf1e943550d

    • SSDEEP

      3072:PHZG+XlIyxzsberHxw8jRBkzSRAzXJeDLwi2meaiXrjeBNZgih:8yxfwEB1iZ+LNl7iXOBNZgi

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks