General

  • Target

    545de923f11ab09fbcfaf14e3d31f5fd00b4ca61382b9e71319d31fb5be8016a

  • Size

    118KB

  • Sample

    221120-kpw3psef37

  • MD5

    12c38d7e53bfd31b2977c7928d3d2d30

  • SHA1

    062873426a7963a9d43f8fad8582a483389dcbb0

  • SHA256

    545de923f11ab09fbcfaf14e3d31f5fd00b4ca61382b9e71319d31fb5be8016a

  • SHA512

    201605e772c729e43258a5dc6f60133f266941e405b0f551205f8e48c8641d28485c94ecbabb7e0cfd264ae6a86900c9d34456424cd17a11d8aa41f9576adf2d

  • SSDEEP

    1536:ou2A9mREKR7R1RE6kbFYIs187SKUtJUbKnSTrTSgu4Unq4qvCmb68nuWa8BzdW+p:gEfFm87wsKn4RU8vb6lIB5W

Malware Config

Extracted

Family

pony

C2

http://mceneryfinancial.com/forum/viewtopic.php

http://megmcenery.com/forum/viewtopic.php

http://taxfreeincomenow.com/forum/viewtopic.php

http://taxfreeincomenow.info/forum/viewtopic.php

Attributes
  • payload_url

    http://www.assibia.it/zV0Zpg.exe

    http://metrologico.gr/7MJ.exe

    http://ftp.magnusondesign.com/PNxq40.exe

    http://colinwud.com/xN05g.exe
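
The extracted config is directly usable for detection: Pony reports to its gate (the `/forum/viewtopic.php` URLs above) and fetches the listed payload executables. The following Python is an added example, not part of this report, that turns those URLs into a (host, path) index and scans proxy log lines for hits. The log format (timestamp, client, method, URL, status) and the log lines themselves are constructed for the demo; the indicator URLs are the ones listed above.

```python
from urllib.parse import urlsplit

# Indicators copied from the extracted config in this report.
C2_URLS = [
    "http://mceneryfinancial.com/forum/viewtopic.php",
    "http://megmcenery.com/forum/viewtopic.php",
    "http://taxfreeincomenow.com/forum/viewtopic.php",
    "http://taxfreeincomenow.info/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://www.assibia.it/zV0Zpg.exe",
    "http://metrologico.gr/7MJ.exe",
    "http://ftp.magnusondesign.com/PNxq40.exe",
    "http://colinwud.com/xN05g.exe",
]


def normalize(url):
    """Lower-case scheme and host; keep the path as-is (paths may be case-sensitive)."""
    p = urlsplit(url.strip())
    return p.scheme.lower(), p.netloc.lower(), p.path


def build_iocs(c2_urls=C2_URLS, payload_urls=PAYLOAD_URLS):
    """Index the config as (host, path) -> rule name so matching is a dict lookup."""
    iocs = {}
    for u in c2_urls:
        _, host, path = normalize(u)
        iocs[(host, path)] = "pony_c2_gate"
    for u in payload_urls:
        _, host, path = normalize(u)
        iocs[(host, path)] = "pony_payload_download"
    return iocs


# Constructed proxy log (assumed format: "<ts> <client_ip> <method> <url> <status>").
# These are demo lines, not traffic captured from the sandbox run.
SAMPLE_LOG = """\
1668950001 10.0.0.7 GET http://www.example.com/ 200
1668950002 10.0.0.7 POST http://mceneryfinancial.com/forum/viewtopic.php 200
1668950003 10.0.0.7 GET http://METROLOGICO.GR/7MJ.exe 200
1668950004 10.0.0.9 GET http://taxfreeincomenow.com/forum/index.php 404
1668950005 10.0.0.7 POST http://taxfreeincomenow.info/forum/viewtopic.php 500
"""


def scan_proxy_log(text, iocs=None):
    """Return one (timestamp, client, rule, url) tuple per log line that hits an IOC.

    Matching is on (host, path) only. Query string, method and HTTP status are
    ignored on purpose: a gate check-in that got a 500 and a payload download
    that failed are still evidence that the host ran the stealer.
    """
    if iocs is None:
        iocs = build_iocs()
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the whole scan
        ts, client, _method, url, _status = fields[:5]
        _scheme, host, path = normalize(url)
        rule = iocs.get((host, path))
        if rule is not None:
            hits.append((ts, client, rule, url))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

Host names are folded to lower case before lookup, so the mixed-case `METROLOGICO.GR` line still matches, while the `index.php` request on a C2 host does not: the gate path is part of the indicator, not just the domain.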

Targets

    • Target

      545de923f11ab09fbcfaf14e3d31f5fd00b4ca61382b9e71319d31fb5be8016a

    • Pony,Fareit

      Pony (also known as Fareit) is an information stealer: it harvests credentials stored by FTP clients, web browsers and mail clients, posts them to its gate URLs, and can download and run additional executables (see payload_url above).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved logins, cookies and form data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data in the registry, where account settings and any saved mail credentials are kept.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
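
The signatures above are behavioural: each one fires on a file or registry access to a well-known credential store. The following Python is an added example, not code from the sandbox, that encodes those signatures as rules and runs them over a constructed event trace. The concrete paths (FileZilla's sitemanager.xml and recentservers.xml, Chrome's Login Data, Firefox's logins.json, the Outlook profile keys, the CurrentVersion\Uninstall key) are assumptions based on where those artifacts normally live; the report itself names only FileZilla and the Uninstall key.

```python
import re

# One rule per signature from the report: (name, event type, path patterns).
# The patterns are assumed artifact locations, not taken from the report.
RULES = [
    ("Reads data files stored by FTP clients", "file_read",
     [r"\\FileZilla\\(sitemanager|recentservers)\.xml$"]),
    ("Reads user/profile data of web browsers", "file_read",
     [r"\\Google\\Chrome\\User Data\\.*\\Login Data$",
      r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|signons\.sqlite)$"]),
    ("Accesses Microsoft Outlook profiles", "reg_query",
     [r"\\Windows Messaging Subsystem\\Profiles",
      r"\\Office\\\d+\.\d+\\Outlook\\Profiles"]),
    ("Checks installed software on the system", "reg_query",
     [r"\\CurrentVersion\\Uninstall(\\|$)"]),
]

# Compile once; Windows paths and registry keys are case-insensitive.
COMPILED = [
    (name, op, [re.compile(p, re.IGNORECASE) for p in pats])
    for name, op, pats in RULES
]

# Constructed sandbox event trace for the demo; not the real trace of this sample.
SAMPLE_EVENTS = [
    {"op": "reg_query",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"op": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"op": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "reg_query",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"op": "file_read",
     "target": r"C:\Windows\System32\kernel32.dll"},
]


def match_events(events, rules=COMPILED):
    """Return {signature name: [targets that triggered it]} for an event trace."""
    hits = {}
    for ev in events:
        for name, op, pats in rules:
            if ev["op"] != op:
                continue  # a file rule never inspects registry events and vice versa
            if any(p.search(ev["target"]) for p in pats):
                hits.setdefault(name, []).append(ev["target"])
    return hits


def credential_store_count(hits):
    """Number of distinct credential-store signatures hit; the software inventory
    check alone is benign, so it is excluded from the count."""
    return sum(1 for name in hits if name != "Checks installed software on the system")


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for name, targets in found.items():
        print(name)
        for t in targets:
            print("   ", t)
    print("credential stores touched:", credential_store_count(found))
```

The Uninstall-key lookup is kept as its own rule but excluded from the credential-store count: plenty of legitimate installers enumerate that key, so on its own it is context, not evidence. Two or more credential-store signatures in one process is the pattern the report shows for this sample.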

MITRE ATT&CK Enterprise v6

Tasks