General

  • Target

    2014375a5dc7b650ff1f89da7dfa4b7eba153515b9c8557f7bf43d88ef39de9c

  • Size

    109KB

  • Sample

    221120-k81v1aag6x

  • MD5

    334929157920afc78f6e40c7dd312541

  • SHA1

    78e1923c3b4ba92750f6062da4e8303d3f11794a

  • SHA256

    2014375a5dc7b650ff1f89da7dfa4b7eba153515b9c8557f7bf43d88ef39de9c

  • SHA512

    6c7c9d29f6c4301825ebc83b988f0205e2e2c28ae6523f15670f4edf0e7c42cb532da0841651668c3bda3e86c116c5e0998fb3e390d7d20cf6bdc272621496fe

  • SSDEEP

    3072:xOWrTXfuats9UDfS/eEdVUh6NqAYJIXg:RrjfQeAGIoRJIQ

Malware Config

Extracted

Family

pony

C2

http://apparelacademy.net/forum/viewtopic.php

http://dragoncigars.net/forum/viewtopic.php

http://heavenlycigars.net/forum/viewtopic.php

http://libertychristianstore.com/forum/viewtopic.php

Attributes
  • payload_url

    http://globaldoesitall.com/2gX0.exe

    http://derricoassociati.it/KLGS.exe

    http://vacancies.cpsic.co.uk/j3HC.exe

    http://www.stenocenter.it/BEys1t.exe

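The extracted config above is directly usable as network IOCs: Pony POSTs harvested credentials to the gate URLs listed under C2 and then fetches the second-stage executables listed under payload_url. The following is an added example (not part of the sandbox report) that turns those URLs into a small matcher and runs it over proxy log lines; the log lines and their `timestamp client method url status` layout are constructed for the demonstration.

```python
"""Turn the extracted Pony config on this page into network IOCs and run
them over proxy log lines. Added example, not part of the sandbox report;
the log lines and their layout are constructed."""
from urllib.parse import urlsplit

# C2 gates and second-stage payload URLs, copied from the extracted config.
C2_URLS = [
    "http://apparelacademy.net/forum/viewtopic.php",
    "http://dragoncigars.net/forum/viewtopic.php",
    "http://heavenlycigars.net/forum/viewtopic.php",
    "http://libertychristianstore.com/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://globaldoesitall.com/2gX0.exe",
    "http://derricoassociati.it/KLGS.exe",
    "http://vacancies.cpsic.co.uk/j3HC.exe",
    "http://www.stenocenter.it/BEys1t.exe",
]


def normalize(url):
    """Lower-cased host plus path, so case or scheme differences in the
    log do not hide a match."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower(), parts.path or "/"


C2_IOCS = {normalize(u) for u in C2_URLS}
PAYLOAD_IOCS = {normalize(u) for u in PAYLOAD_URLS}
IOC_HOSTS = {host for host, _ in C2_IOCS | PAYLOAD_IOCS}


def classify(method, url):
    """Verdict for one request, or None when nothing matches."""
    host, path = normalize(url)
    if (host, path) in C2_IOCS:
        # Pony delivers stolen credentials with an HTTP POST to the gate;
        # a GET to the same URL is a weaker signal but still worth a look.
        return "c2_checkin" if method == "POST" else "c2_url_touched"
    if (host, path) in PAYLOAD_IOCS:
        return "payload_download"
    if host in IOC_HOSTS:
        # Same (likely compromised) host, different path: keep as a lead,
        # since these hosts are otherwise ordinary websites.
        return "ioc_host_other_path"
    return None


def scan_proxy_log(lines):
    """Parse whitespace-separated 'timestamp client method url status'
    lines (a constructed format) and return the matching requests."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip truncated or malformed lines
        ts, client, method, url, _status = fields[:5]
        verdict = classify(method.upper(), url)
        if verdict is not None:
            hits.append({"ts": ts, "client": client, "url": url, "verdict": verdict})
    return hits


# Constructed proxy log lines for the demonstration.
SAMPLE_LOG = [
    "2022-11-20T10:01:03Z 10.0.0.12 POST http://apparelacademy.net/forum/viewtopic.php 200",
    "2022-11-20T10:01:05Z 10.0.0.12 GET http://globaldoesitall.com/2gX0.exe 200",
    "2022-11-20T10:01:09Z 10.0.0.12 GET http://DragonCigars.net/forum/index.php 404",
    "2022-11-20T10:02:00Z 10.0.0.13 GET http://example.com/ 200",
    "truncated line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["verdict"], hit["url"])
```

Matching on host plus path rather than the full string is deliberate: a different path on one of these hosts is still a lead, because the gate sits on what looks like a compromised forum install, while an exact match on the gate path with a POST is the high-confidence check-in.
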
Targets

    • Target

      2014375a5dc7b650ff1f89da7dfa4b7eba153515b9c8557f7bf43d88ef39de9c

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan and downloader rather than a remote-access tool: it harvests saved credentials from FTP clients, browsers, e-mail clients and other software, POSTs them to its gate (the C2 URLs in the extracted config) and then fetches and runs the second-stage executables listed under payload_url.

    • Reads data files stored by FTP clients

      Tries to access files in which FTP clients such as FileZilla keep saved connections and credentials (for FileZilla, sitemanager.xml and recentservers.xml under the user's AppData directory).

    • Reads user/profile data of web browsers

      Infostealers read browser profile storage, which holds saved logins, cookies and autofill data (for example the Chromium "Login Data" database or Firefox's logins.json and key database).

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Outlook keeps account settings, including server, user name and an encrypted password, in the profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles (Windows Messaging Subsystem\Profiles on older versions); reading them is how the stealer recovers mail credentials.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) to list installed programs, which tells the stealer which credential stores are worth looking for.

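The behaviour signatures above are what a sandbox sees; the same pattern can be scored from endpoint telemetry. The following is an added example (not part of the report) that groups file-read and registry-query events per process and flags a process that trips several of these signatures at once. The event records, their field names and the paths are constructed, loosely modelled on Sysmon file and registry events; the threshold of three distinct signatures is an assumed tuning value.

```python
"""Host-side counterpart of the behaviour signatures above: score file and
registry access events per process for the credential-theft pattern Pony
shows. Added example, not part of the report; the events and their field
names are constructed, modelled on Sysmon file/registry telemetry."""
import re
from collections import defaultdict

# Each signature: the event type it applies to and a pattern over the
# lower-cased file path or registry key.
SIGNATURES = {
    # FileZilla keeps saved sites and recent connections in these XML files.
    "ftp_client_creds": (
        "file_read",
        re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$"),
    ),
    # Chromium 'Login Data' database; Firefox logins.json, signons.sqlite,
    # key3.db / key4.db.
    "browser_profile_data": (
        "file_read",
        re.compile(r"\\(login data|logins\.json|signons\.sqlite|key[34]\.db)$"),
    ),
    # Outlook account settings live under the profile keys in HKCU.
    "outlook_profiles": (
        "reg_query",
        re.compile(r"\\(outlook\\profiles|windows messaging subsystem\\profiles)(\\|$)"),
    ),
    # Enumerating installed software via the Uninstall key.
    "installed_software_enum": (
        "reg_query",
        re.compile(r"^hklm\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)"),
    ),
}


def match_event(event):
    """Names of the signatures a single event triggers."""
    target = (event.get("path") or event.get("key") or "").lower()
    return [name for name, (etype, pat) in SIGNATURES.items()
            if event["type"] == etype and pat.search(target)]


def triage(events, threshold=3):
    """Group hits by (pid, image); a process that trips at least
    `threshold` distinct signatures is flagged as infostealer-like."""
    per_proc = defaultdict(set)
    for ev in events:
        for sig in match_event(ev):
            per_proc[(ev["pid"], ev["image"])].add(sig)
    return {
        proc: {"signatures": sorted(sigs), "infostealer_like": len(sigs) >= threshold}
        for proc, sigs in per_proc.items()
    }


# Constructed telemetry: one process behaving like the sample, one benign.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "2gX0.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": "2gX0.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": "2gX0.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"},
    {"pid": 4120, "image": "2gX0.exe", "type": "reg_query",
     "key": r"HKCU\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "image": "2gX0.exe", "type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 812, "image": "explorer.exe", "type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 812, "image": "explorer.exe", "type": "file_read",
     "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for proc, verdict in triage(SAMPLE_EVENTS).items():
        print(proc, verdict)
```

Any single one of these signatures fires on legitimate software (installers walk the Uninstall key, browsers read their own profiles), which is why the verdict is taken per process over the combination rather than per event.
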
MITRE ATT&CK Enterprise v6
