General

  • Target

    23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7

  • Size

    112KB

  • Sample

    221120-k7tejafd26

  • MD5

    330faa02db5271eaca0b6c5b37ba5560

  • SHA1

    4b42497d542a1e0f8c67d62b083f340dcca1f437

  • SHA256

    23c6a5694b9295649e850f78c95f94bfc4f76bfd088b0ca63ad22f5b206a8ba7

  • SHA512

    b9627784996c26b15123f4ed5d54e6a32d382d16c328e7cf7fc1db7fbe3d99f5f866b680ba65c9e34aa2da3a6844d01e9fd4166b9244bb8a48d71b585276ab1c

  • SSDEEP

    1536:Iv9rQb8hoJD4AEJoHun1/6BIoVtNgWCCpJR6u/2+k3j+gU3LPETL4IaEV9zZBMo:UcECHun1illgIJc22+k3j+gU3oY

Malware Config

Extracted

  • Family

    pony

  • C2

    http://abesgrillandbar.com/ponys/gate.php

    http://abesgrille.com/ponys/gate.php

    http://abesgrillnbar.com/ponys/gate.php

    http://abesonthego.com/ponys/gate.php

  • Attributes

    payload_url

      http://ftp.salesone.info/3hcm1Tgx.exe

      http://www.busslovakia.sk/bx5.exe

      http://53168069.de.strato-hosting.eu/KtL.exe

      http://desertanglers.com/8WQWNX.exe

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6