General
-
Target
5fe4f51d4981761f8f5a526c103e7808059a3af983142773ffb6599c84398d3f
-
Size
114KB
-
Sample
221125-z4ymeaaf2v
-
MD5
33e11ed8831e47a93a1f8ce972d8d262
-
SHA1
97fdd00434c5fc821f6ef6fbb7bbd41de3bc4f62
-
SHA256
5fe4f51d4981761f8f5a526c103e7808059a3af983142773ffb6599c84398d3f
-
SHA512
dd0d48e1ac98bc15cfd254a497cae247d9d24eca3634ff7935b65c31520abebb17d8fe80e602d27a6c3c17f26c3d14b1287a98936f5a18bf127748c4148aa241
-
SSDEEP
3072:/XAtWYKBlViw1GBcMc0ToVAD6moAiOkj2Xa7UK9:fAoYKXViwcjc01d4y
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://66.175.217.203/pony/gate.php
-
payload_url
http://www.nipbr.com/Macs.exe
http://propasmanagement.com/qTNc.exe
http://officialhurricanesurvivalkits.com/aHU.exe
Targets
-
-
Target
5fe4f51d4981761f8f5a526c103e7808059a3af983142773ffb6599c84398d3f
-
Size
114KB
-
MD5
33e11ed8831e47a93a1f8ce972d8d262
-
SHA1
97fdd00434c5fc821f6ef6fbb7bbd41de3bc4f62
-
SHA256
5fe4f51d4981761f8f5a526c103e7808059a3af983142773ffb6599c84398d3f
-
SHA512
dd0d48e1ac98bc15cfd254a497cae247d9d24eca3634ff7935b65c31520abebb17d8fe80e602d27a6c3c17f26c3d14b1287a98936f5a18bf127748c4148aa241
-
SSDEEP
3072:/XAtWYKBlViw1GBcMc0ToVAD6moAiOkj2Xa7UK9:fAoYKXViwcjc01d4y
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-