General
-
Target
29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e
-
Size
109KB
-
Sample
221123-lvwvkafg5x
-
MD5
171964df131f80b9539ae742fdd0e734
-
SHA1
ec30df099d9f7157a3c210657c0ee81805946465
-
SHA256
29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e
-
SHA512
bcd0087dd9843f4612d7a488575a5c7640bf8cba602f5421db724ab79c966b6b8acec409509474971dd9a130f539a9ed52f1d388be3af04cff45726382411cf3
-
SSDEEP
3072:rJZIqCxrmFlBIoCTLBYJZa4MOamUKx3zrnpoIZ2ayBusODV:9ZIbxrmFllouva4MOp99oe2RODV
Malware Config
Extracted
pony
http://golklopro.com/bitrix/modules.php
http://cosjesgame.su/bitrix/modules.php
-
payload_url
http://teles4.com/333.exe
http://gavilan.cl/333.exe
http://emstudio.fr/333.exe
http://calduler.com/333.exe
http://iamsaved.org/333.exe
Targets
-
-
Target
29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e
-
Size
109KB
-
MD5
171964df131f80b9539ae742fdd0e734
-
SHA1
ec30df099d9f7157a3c210657c0ee81805946465
-
SHA256
29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e
-
SHA512
bcd0087dd9843f4612d7a488575a5c7640bf8cba602f5421db724ab79c966b6b8acec409509474971dd9a130f539a9ed52f1d388be3af04cff45726382411cf3
-
SSDEEP
3072:rJZIqCxrmFlBIoCTLBYJZa4MOamUKx3zrnpoIZ2ayBusODV:9ZIbxrmFllouva4MOp99oe2RODV
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-