General

  • Target

    c48a56c109ff3654a12213aa1d56aa9f833f23ccedb720dc4eee341988418d49

  • Size

    69KB

  • Sample

    221123-lwl2racd77

  • MD5

    0690e94679a1137fc276f9a277bdaa58

  • SHA1

    04f69e58fbb7a5a08ad0e39452d92af6ef5bdf45

  • SHA256

    c48a56c109ff3654a12213aa1d56aa9f833f23ccedb720dc4eee341988418d49

  • SHA512

    61dacabf85bc5b09d74a58e13eb0b8957f8a111c706d46b966ea996a26f6eb9f97df65f9d344ee58c54d4e4d5f83b749397db3eedd00e12d5bc9b722ae74f002

  • SSDEEP

    768:rA6VTuFC1iVEj7cO0AgZuTQ+nyISnZdW1sl8XImC0EW751Kdwt:rA6QFimw0cTQ6p4Z81sMvC0h51KdU

Malware Config

Extracted

Family

pony

C2

http://188.165.204.223:8080/pony/gate.php

Targets

    • Pony, Fareit

      Pony (also tracked as Fareit) is a Remote Access Trojan that steals information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files belonging to FTP clients such as FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
