General

  • Target

    4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e

  • Size

    134KB

  • Sample

    221120-ksac4sab3s

  • MD5

    505958030be46413aa10595b88141d90

  • SHA1

    8000907421c3bfdf29ea887aaa0a61ddf7696187

  • SHA256

    4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e

  • SHA512

    d0f9e39fb646965858adf53525f346d165eb99dcd85ecb8b440b2103d05dd28baee0cddddbd9f25d24ec82c25105d168467bd74adf8a8c727f00cbfc7ccf3709

  • SSDEEP

    1536:ViHjlYEOpS4nGESeEcI6KSwcbPjbuRKlXwLSl9udU5+12UVHYNmpkLcKd32N5GjQ:MrRxA1PqKlXwLI9V+2ofkLcgG/GjSjC

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://endsleepapnea.com/forum/viewtopic.php

http://iecho-mobility.com/forum/viewtopic.php

Attributes
  • payload_url

    http://www.holzbau-glas.de/LBM5tvp.exe

    http://magento.takkens.com/58x1nHa.exe

    http://forexwinnersacademy.com/TBuGtv.exe

    http://exhibitlink.biz/s5GqAd.exe

Targets

    • Target

      4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e

    • Size

      134KB

    • MD5

      505958030be46413aa10595b88141d90

    • SHA1

      8000907421c3bfdf29ea887aaa0a61ddf7696187

    • SHA256

      4cad786f8f4926854998a4046f5e4d48432550ad1df7d743a3ea2ccaa1c6288e

    • SHA512

      d0f9e39fb646965858adf53525f346d165eb99dcd85ecb8b440b2103d05dd28baee0cddddbd9f25d24ec82c25105d168467bd74adf8a8c727f00cbfc7ccf3709

    • SSDEEP

      1536:ViHjlYEOpS4nGESeEcI6KSwcbPjbuRKlXwLSl9udU5+12UVHYNmpkLcKd32N5GjQ:MrRxA1PqKlXwLI9V+2ofkLcgG/GjSjC

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks