General

  • Target

    295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f

  • Size

    131KB

  • Sample

    221120-k6ejzsfc66

  • MD5

    50e0ec52d81a2ccc00f0da36477fd370

  • SHA1

    5f7b63503fa73885f12f4172741666d36d8c02dd

  • SHA256

    295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f

  • SHA512

    f7b3db027f7d2af7abc9cc528a4c5cfa3886e5c22feba3129c9e8653319abe876a37818f75933581a23e36248ae560101ffae21eaba5360f855a27518ae17271

  • SSDEEP

    3072:apHfi7nmw4Lql/8TahfeYJr6YJfwizm5aYuh5RgC:apHqSdLmGoWYJrhJ5zoaYuh5R

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://hurricanesavingsgift.com/forum/viewtopic.php

http://hurricaneshuttersdiscount.com/forum/viewtopic.php

Attributes

  • payload_url

    http://www.kavalevent.com/CehCBf2.exe

    http://jossboutique.fr/dq8k3nhy.exe

    http://applehospital.com/gP9t.exe

    http://spireportal.net/5ay2n.exe

    http://ray.tc/ZZasL.exe

Targets

    • Target

      295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f

    • Size

      131KB

    • MD5

      50e0ec52d81a2ccc00f0da36477fd370

    • SHA1

      5f7b63503fa73885f12f4172741666d36d8c02dd

    • SHA256

      295ae7c8995c316d88b50a13e492c71c31df53b724e3cdec571e9b3dc189ae2f

    • SHA512

      f7b3db027f7d2af7abc9cc528a4c5cfa3886e5c22feba3129c9e8653319abe876a37818f75933581a23e36248ae560101ffae21eaba5360f855a27518ae17271

    • SSDEEP

      3072:apHfi7nmw4Lql/8TahfeYJr6YJfwizm5aYuh5RgC:apHqSdLmGoWYJrhJ5zoaYuh5R

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks