General

  • Target

    7a929e0bcdd9783f930e3eb9cf14b3f42c0747410667d9e2059f4b6cf9f03031

  • Size

    395KB

  • Sample

    221120-kaak6aea52

  • MD5

    48ad2da75ae5f7d3d46a8491a800ad10

  • SHA1

    b4126a8543518cada2bb3387024694e46bfb56bd

  • SHA256

    7a929e0bcdd9783f930e3eb9cf14b3f42c0747410667d9e2059f4b6cf9f03031

  • SHA512

    6a701af7c1d74ecc8c08170c5eba7aaa992a9cf1ea8789a453713751dd390783133186e1854123aa83f886f800f33895b8a07365ae8b5464f3859c4a8396f471

  • SSDEEP

    12288:CGLgYFsBx4Oag/GDQ9kCF3lFsy4fkAXg7VcWt6tjQWtKgCDAX:FLgYFs1g

Malware Config

Extracted

Family

pony

C2

http://ntumakafillingxrux.net/meg33/gate.php

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information (credentials and other stored data) from the infected host.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks