General
-
Target
5ab3d7560b20dfcea8ebd7b852fcccb04c2967b77b87802d691d919d71664d34
-
Size
73KB
-
Sample
221123-rj4c6abg7v
-
MD5
36e311a6761be1243eca468269ab86b9
-
SHA1
9a7a7bad88fddf475e86499390813743e81c1a0c
-
SHA256
5ab3d7560b20dfcea8ebd7b852fcccb04c2967b77b87802d691d919d71664d34
-
SHA512
0824d9865220785972410d5d9c709187011f6dd5f59111f1435c276acd7e4cb3b6c55afbad7b2a47e9e92906c56741e5d5e040f4bc35afd29772a812ff426e00
-
SSDEEP
1536:o4Mu3BeVrqmYdsTmaDSleuaoP4GACntaE9YLUiu7tfF:o0aMsCaDqGSAECLUi0tfF
Malware Config
Extracted
pony
http://igwe.3eeweb.com/1/gate.php
Targets
-
-
Target
5ab3d7560b20dfcea8ebd7b852fcccb04c2967b77b87802d691d919d71664d34
-
Size
73KB
-
MD5
36e311a6761be1243eca468269ab86b9
-
SHA1
9a7a7bad88fddf475e86499390813743e81c1a0c
-
SHA256
5ab3d7560b20dfcea8ebd7b852fcccb04c2967b77b87802d691d919d71664d34
-
SHA512
0824d9865220785972410d5d9c709187011f6dd5f59111f1435c276acd7e4cb3b6c55afbad7b2a47e9e92906c56741e5d5e040f4bc35afd29772a812ff426e00
-
SSDEEP
1536:o4Mu3BeVrqmYdsTmaDSleuaoP4GACntaE9YLUiu7tfF:o0aMsCaDqGSAECLUi0tfF
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-