General

  • Target

    33e05f0f26fcbff392167da6ce65921e59eae6d55f6f435bed0774fc41e99a51

  • Size

    115KB

  • Sample

    221120-k2yr3aae2z

  • MD5

    362400660f477305d4393277f12373f0

  • SHA1

    9d61e9edab8820cf7485e395f4a4b970c6b22d87

  • SHA256

    33e05f0f26fcbff392167da6ce65921e59eae6d55f6f435bed0774fc41e99a51

  • SHA512

    046c25d751e83bd39b2ca9cc6722125b026553abcc54dc127e4751ffb7f88a00493bb1c9796553761e5de1cba2d3bb0823e7bdd2a39e3f5b31ee94784c4bd78b

  • SSDEEP

    1536:F/s6vyiVDLJpEAp/6Mq8CR+hPwKD/KuV6Dw6gw2qemDxdMfTqKfFU3uXIVo7:FU6PVfLRQ8hPfDf6DNuIDxJu3

Malware Config

Extracted

Family

pony

C2

http://diamondwalla.com/forum/viewtopic.php

http://dieselgearoutlet.com/forum/viewtopic.php

http://drinkwalla.com/forum/viewtopic.php

http://dvd-walla.com/forum/viewtopic.php

Attributes
  • payload_url

    http://www.egostores.it/K1qJ.exe

    http://www.mshc.in/hKW.exe

    http://finam.net/oJquhB.exe

    http://test.plexidesign.it/TW5M4tq.exe

    http://95.110.228.229/Y0tmeeSZ.exe
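The extracted C2 and payload_url values are only useful once they are turned into something a proxy or DNS log can be checked against. The following is an added example (not part of the sandbox report) that builds indicators from the config shown above and classifies proxied requests; the log lines are constructed for illustration. The C2 entries are matched on host plus path, because Pony's gate is a PHP script hidden behind a forum-looking URL and the host may also serve unrelated content; a POST to the gate is the credential upload and is reported with the highest confidence.

```python
"""Turn the Pony config extracted above into network indicators and scan
proxy log lines against them.  Added example; the log lines are constructed."""
from urllib.parse import urlsplit

# Copied from the "Malware Config" section of the report.
C2_URLS = [
    "http://diamondwalla.com/forum/viewtopic.php",
    "http://dieselgearoutlet.com/forum/viewtopic.php",
    "http://drinkwalla.com/forum/viewtopic.php",
    "http://dvd-walla.com/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://www.egostores.it/K1qJ.exe",
    "http://www.mshc.in/hKW.exe",
    "http://finam.net/oJquhB.exe",
    "http://test.plexidesign.it/TW5M4tq.exe",
    "http://95.110.228.229/Y0tmeeSZ.exe",
]

# Constructed proxy log: timestamp client method url status
LOG = """\
2022-11-20T10:02:11Z 10.0.0.12 GET http://www.example.com/index.html 200
2022-11-20T10:02:15Z 10.0.0.12 POST http://diamondwalla.com/forum/viewtopic.php 200
2022-11-20T10:02:16Z 10.0.0.12 GET http://www.egostores.it/K1qJ.exe 404
2022-11-20T10:02:20Z 10.0.0.12 GET http://drinkwalla.com/forum/index.php 200
2022-11-20T10:03:01Z 10.0.0.12 GET http://95.110.228.229/Y0tmeeSZ.exe 200
"""


def build_indicators(c2_urls, payload_urls):
    """Split the config URLs into lookup sets.

    c2:       (host, path) pairs, the exact gate URLs
    c2_hosts: hosts alone, for lower-confidence host-level matches
    payload:  full download URLs, lower-cased
    """
    c2 = set()
    for u in c2_urls:
        parts = urlsplit(u)
        c2.add(((parts.hostname or "").lower(), parts.path))
    return {
        "c2": c2,
        "c2_hosts": {host for host, _ in c2},
        "payload": {u.lower() for u in payload_urls},
    }


def classify_request(method, url, ind):
    """Label one proxied request, or return None if it matches nothing.

    c2-checkin: POST to a gate URL (Pony uploads stolen credentials by POST)
    c2-url:     other method to a gate URL
    c2-host:    any request to a C2 host on a different path
    payload:    fetch of one of the configured second-stage executables
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if (host, parts.path) in ind["c2"]:
        return "c2-checkin" if method.upper() == "POST" else "c2-url"
    if host in ind["c2_hosts"]:
        return "c2-host"
    if url.lower() in ind["payload"]:
        return "payload"
    return None


def scan_log(text, ind):
    """Return (line_number, label, url) for every matching log line."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line, skip rather than guess
        _ts, _client, method, url = fields[:4]
        label = classify_request(method, url, ind)
        if label:
            hits.append((n, label, url))
    return hits


if __name__ == "__main__":
    for hit in scan_log(LOG, build_indicators(C2_URLS, PAYLOAD_URLS)):
        print(hit)
```

Host-only hits ("c2-host") are worth keeping as a separate, lower-severity label: the domains here look like ordinary hosting, so a legitimate request to another path on the same host is possible, but a workstation that later POSTs to the gate path is a confirmed infection.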

Targets

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan, not a remote-access tool. It harvests saved passwords from web browsers, FTP clients, email clients and other applications, submits them to its C2 gate over HTTP POST, and can download and run further executables (the payload_url entries above).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, which hold saved hosts and credentials).

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directories where saved logins, cookies and form data are stored.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile and account settings kept under the user's registry hive, where saved mail server logins are stored.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate installed software, which lets the stealer decide which application credential stores to target.
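The behaviours in the signature list above are individually benign (FileZilla reads its own sitemanager.xml, Chrome reads its own Login Data); what identifies a stealer is one process touching several unrelated credential stores in a short span. The following is an added example, not part of the report, that maps file and registry access paths to the signatures above and flags a process once it has hit two or more distinct credential stores. The events are constructed; the path patterns are the well-known FileZilla, Chrome, Firefox, Outlook and Uninstall locations, and the process names are hypothetical.

```python
"""Correlate file/registry access events into the stealer behaviours
listed above.  Added example; events below are constructed."""
import re
from collections import defaultdict

# Signature name from the report -> path pattern that would trigger it.
SIGNATURES = [
    ("Reads data files stored by FTP clients",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"(\\User Data\\[^\\]+\\Login Data$"                     # Chromium
                r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\"
                r"(logins\.json|key4\.db|signons\.sqlite)$)", re.I)),     # Firefox
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"^HKCU\\Software\\Microsoft\\(Office\\[\d.]+\\Outlook\\Profiles"
                r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)",
                re.I)),
    ("Checks installed software on the system",
     re.compile(r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\"
                r"CurrentVersion\\Uninstall", re.I)),
]

# Only these three are credential stores; the Uninstall lookup is supporting
# evidence and on its own is done by plenty of legitimate software.
CREDENTIAL_STORE_SIGS = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of web browsers",
    "Accesses Microsoft Outlook profiles",
}

# Constructed events: (pid, image, accessed path)
STEALER = r"C:\Users\bob\AppData\Local\Temp\update.exe"   # hypothetical
EVENTS = [
    (4120, r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    (5532, STEALER, r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    (5532, STEALER, r"C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml"),
    (5532, STEALER, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5532, STEALER, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (5532, STEALER, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (5532, STEALER, r"C:\Users\bob\Documents\notes.txt"),
    (3001, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]


def classify_access(path):
    """Return the signature a single access path would trigger, or None."""
    for name, pattern in SIGNATURES:
        if pattern.search(path):
            return name
    return None


def correlate(events, min_stores=2):
    """Group events by pid and return the processes that touched at least
    `min_stores` distinct credential stores.  Each value carries the image
    and the full set of triggered signatures (including non-credential ones)."""
    per_proc = defaultdict(lambda: {"image": None, "sigs": set()})
    for pid, image, path in events:
        sig = classify_access(path)
        if sig is None:
            continue
        per_proc[pid]["image"] = image
        per_proc[pid]["sigs"].add(sig)
    return {
        pid: info for pid, info in per_proc.items()
        if len(info["sigs"] & CREDENTIAL_STORE_SIGS) >= min_stores
    }


if __name__ == "__main__":
    for pid, info in correlate(EVENTS).items():
        print(pid, info["image"], sorted(info["sigs"]))
```

With the default threshold the FileZilla and Chrome processes, which each read only their own store, are not reported, while the single process that read FTP, browser and Outlook data is. Lowering min_stores to 1 turns the same logic into a per-store audit, which is useful for tuning but far noisier.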
