General
-
Target
adbb5c61e9bc8b10b20e151e4ee4c36fb1af0adbdb36997688b4ae7caea680fd
-
Size
62KB
-
Sample
221126-fg5bwsda28
-
MD5
8bfd9f2b92e4e61fe7a51e4a96e8df26
-
SHA1
cb1f19ebbda2865661c2df77421e4ff87f9d928f
-
SHA256
adbb5c61e9bc8b10b20e151e4ee4c36fb1af0adbdb36997688b4ae7caea680fd
-
SHA512
6b110134722abab477af6e7f4e2c97c80e20dba35a77dac604c169f4c185cb7c45c38a40e2833ad7243b428d46af755fad63568f250f36395affe8bdd0c074fb
-
SSDEEP
1536:6XBQRfmWYcim1BHSDCCX7Ix6GZjuKTnouy8+yMCq:SBQRRimfHSDCQcuKrout+y6
Malware Config
Extracted
pony
http://soulflower.com.mx/world/gate.php
Targets
-
-
Target
adbb5c61e9bc8b10b20e151e4ee4c36fb1af0adbdb36997688b4ae7caea680fd
-
Size
62KB
-
MD5
8bfd9f2b92e4e61fe7a51e4a96e8df26
-
SHA1
cb1f19ebbda2865661c2df77421e4ff87f9d928f
-
SHA256
adbb5c61e9bc8b10b20e151e4ee4c36fb1af0adbdb36997688b4ae7caea680fd
-
SHA512
6b110134722abab477af6e7f4e2c97c80e20dba35a77dac604c169f4c185cb7c45c38a40e2833ad7243b428d46af755fad63568f250f36395affe8bdd0c074fb
-
SSDEEP
1536:6XBQRfmWYcim1BHSDCCX7Ix6GZjuKTnouy8+yMCq:SBQRRimfHSDCQcuKrout+y6
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-