General

  • Target

    23357a72df7d44d6d302e0b4462f610cead5a23b6daa58824e08807f12be56a1

  • Size

    123KB

  • Sample

    221120-k72e5sag3w

  • MD5

    3e1ce664d45da19e84aa0a20598de3b0

  • SHA1

    8d13d81a56ff6551431482326aa4babd13b4785e

  • SHA256

    23357a72df7d44d6d302e0b4462f610cead5a23b6daa58824e08807f12be56a1

  • SHA512

    5a57b03b38679441676df96b582bbbbaeed9f70b8d8be5e964281bbe2f53b0446bd2a65cde2f05ca04fe88f6dcbe63e5852be79a85f86b47d6d79d3aa184b1fd

  • SSDEEP

    3072:xdQGNtKU/XJhyQhgDyJ9ALSvvx0IOCgqO5/+6gh:7ZNb/ZMKgDyJFv6D/dgh

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://lasertoned.com/forum/viewtopic.php

http://lasertuck.com/forum/viewtopic.php

http://lazersculpt.com/forum/viewtopic.php

Attributes

  • payload_url

    http://arepix.cz/AqTb.exe

    http://sainitravels.in/JfV8ZsSn.exe

    http://www.sysdbs.com.br/GpH.exe

    http://yuniedesign.com/QqA4J.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
