General

  • Target

    12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c

  • Size

    114KB

  • Sample

    221120-lds3caba2z

  • MD5

    3f8f8d7ff45bb415f8913a80d75e2e00

  • SHA1

    bcea4dab6073bf0c2232533fd1a0d32585df6e92

  • SHA256

    12dabae7c735b09260b1b03240b7ace61e9b0055d5947dd83ccd1d30abaeff9c

  • SHA512

    667ceab560e30e58d1291f9d5efc40cb65a90e63336ddd9c2b2a69c823c34c280f46add633809eb00885e25d9557a4255a21419862a2dd5b77006aa0d58c97f2

  • SSDEEP

    3072:kbwIoHNaBXSlmOA8YVAbFXkgSM5WryAmg5dzEL:kEIgeioR8qUXbIJEL

Malware Config

Extracted

Family

pony

C2

http://199.168.184.198:81/ponys/gate.php

http://116.122.158.195:8080/ponys/gate.php

http://maine-munchies.com/ponys/gate.php

http://thecaviarofmaine.com/ponys/gate.php

Attributes
  • payload_url

    http://bartenderreview.com/cCyZ.exe

    http://www.pc-dienst-beck.de/8DM3o3pG.exe

    http://privatesavings.ca/xbDQUEFi.exe

    http://spireportal.net/Q19pE.exe

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks