General

  • Target

    13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823

  • Size

    106KB

  • Sample

    221120-ldhllsff52

  • MD5

    247f5ecb6aaab9999b6cffa0a79aa250

  • SHA1

    dc26edb42618c949974835e4218d4d2cbffe1cbc

  • SHA256

    13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823

  • SHA512

    4c6964ebcf9e3167452396b74cbc1880bd6618c84214ab664adde518e6e2d8c6e641f8a28296cb4279e51d4d32dff6217904c1280938abbe91980bc52993444d

  • SSDEEP

    1536:/A+ElI0E3CMQKv/zwXXOnXDI5ShNPNd7o2bmrkOxWMPLYBbDnTNAzzu:0i0E3kKzwXXO85GNlRo2b4kmPKXnTUz

Malware Config

Extracted

Family

pony

C2

http://dlywptw.info:4915/way/like.php

http://lekgosr.info:4915/way/like.php

Targets

    • Target

      13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823

    • Size

      106KB

    • MD5

      247f5ecb6aaab9999b6cffa0a79aa250

    • SHA1

      dc26edb42618c949974835e4218d4d2cbffe1cbc

    • SHA256

      13dbade74afe153f71398343874ca35f838fe785610e162eb82c07afc7875823

    • SHA512

      4c6964ebcf9e3167452396b74cbc1880bd6618c84214ab664adde518e6e2d8c6e641f8a28296cb4279e51d4d32dff6217904c1280938abbe91980bc52993444d

    • SSDEEP

      1536:/A+ElI0E3CMQKv/zwXXOnXDI5ShNPNd7o2bmrkOxWMPLYBbDnTNAzzu:0i0E3kKzwXXO85GNlRo2b4kmPKXnTUz

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks