General
-
Target
4eb0b05940b43c6b87dd606d7413ad6d71feb8cb0eb978b01c23a9ffcaa80d02
-
Size
271KB
-
Sample
221126-adezyage63
-
MD5
6e4645ff14305042d87404d3e8d086fe
-
SHA1
d5395d28bba39f9b376a221f4a4ae7f11e8910ed
-
SHA256
4eb0b05940b43c6b87dd606d7413ad6d71feb8cb0eb978b01c23a9ffcaa80d02
-
SHA512
b63be2d8a71ab7b39b7719eb498a7c1b4da497bdae52d48c99dbeff8df045fd957529e8342a7bb1e4c998bce706e80fe100130b4dc6cc23810308070b43d6ee1
-
SSDEEP
6144:f59v4ClUtgFH9qf6fIiT9R7rkQskMh9125j:fnvNUSH9qII6e7a
Malware Config
Extracted
pony
http://91.220.163.21/pony2/gate.php
Targets
-
-
Target
4eb0b05940b43c6b87dd606d7413ad6d71feb8cb0eb978b01c23a9ffcaa80d02
-
Size
271KB
-
MD5
6e4645ff14305042d87404d3e8d086fe
-
SHA1
d5395d28bba39f9b376a221f4a4ae7f11e8910ed
-
SHA256
4eb0b05940b43c6b87dd606d7413ad6d71feb8cb0eb978b01c23a9ffcaa80d02
-
SHA512
b63be2d8a71ab7b39b7719eb498a7c1b4da497bdae52d48c99dbeff8df045fd957529e8342a7bb1e4c998bce706e80fe100130b4dc6cc23810308070b43d6ee1
-
SSDEEP
6144:f59v4ClUtgFH9qf6fIiT9R7rkQskMh9125j:fnvNUSH9qII6e7a
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-