General

  • Target

    404b45f362d56105caeb51d06e980784b89739a9d64062d777a6cfde6821392f

  • Size

    133KB

  • Sample

    221120-kx12maac7z

  • MD5

    416e2c2fcac0cfbb79eb0fbe84d7a290

  • SHA1

    88d9b2fa95a3bcd68633b11d3b3af88d6de06493

  • SHA256

    404b45f362d56105caeb51d06e980784b89739a9d64062d777a6cfde6821392f

  • SHA512

    a9a4b4988e20a87de9188e0e793594ff476821055e542d78dce67ee2038c808e601bfa8e805ed0a33f7956ba4c5fc4190c9542915d8e2b5d92bdb90b48b8ed3e

  • SSDEEP

    3072:1r6FpbvUNjOKXwbv4R1RR9TmZLJ4CW/y7OYwR4:JmLU1Ow4vyK1AK7OY/

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://prosbarandgrill.com/forum/viewtopic.php

http://rap-mobility.com/forum/viewtopic.php

Attributes
  • payload_url

    http://www.holzbau-glas.de/LBM5tvp.exe

    http://magento.takkens.com/58x1nHa.exe

    http://forexwinnersacademy.com/TBuGtv.exe

    http://exhibitlink.biz/s5GqAd.exe

Targets

    • Target

      404b45f362d56105caeb51d06e980784b89739a9d64062d777a6cfde6821392f

    • Size

      133KB

    • MD5

      416e2c2fcac0cfbb79eb0fbe84d7a290

    • SHA1

      88d9b2fa95a3bcd68633b11d3b3af88d6de06493

    • SHA256

      404b45f362d56105caeb51d06e980784b89739a9d64062d777a6cfde6821392f

    • SHA512

      a9a4b4988e20a87de9188e0e793594ff476821055e542d78dce67ee2038c808e601bfa8e805ed0a33f7956ba4c5fc4190c9542915d8e2b5d92bdb90b48b8ed3e

    • SSDEEP

      3072:1r6FpbvUNjOKXwbv4R1RR9TmZLJ4CW/y7OYwR4:JmLU1Ow4vyK1AK7OY/

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks