General
-
Target
6bbf0b05f500378169a1c2facddd7263ef397585dbfe5d2b246d567969109da5
-
Size
80KB
-
Sample
221126-fgnzxagc4s
-
MD5
1f2fc89dbad55669786769117a44c53d
-
SHA1
e8172b3557a4e6c1513b79f48ccf419b548b7a53
-
SHA256
6bbf0b05f500378169a1c2facddd7263ef397585dbfe5d2b246d567969109da5
-
SHA512
05b87440480125c32b6ddf542d8489d8f5555570cd7ca2e1a290a261822819a3d55cce7552f02f34b9e3fa8365d93f8342b2a8b830ebdde895d0ef723febd654
-
SSDEEP
1536:1olet0i5HSkETzl72B3PEUW73KW5igFUulERGg0GohJnouy8HKyL:met0WHxETzl7sfJ5jgFeRG/Tfoutq
Malware Config
Extracted
pony
http://ppcbizgroups.com/zap/gate.php
Targets
-
-
Target
6bbf0b05f500378169a1c2facddd7263ef397585dbfe5d2b246d567969109da5
-
Size
80KB
-
MD5
1f2fc89dbad55669786769117a44c53d
-
SHA1
e8172b3557a4e6c1513b79f48ccf419b548b7a53
-
SHA256
6bbf0b05f500378169a1c2facddd7263ef397585dbfe5d2b246d567969109da5
-
SHA512
05b87440480125c32b6ddf542d8489d8f5555570cd7ca2e1a290a261822819a3d55cce7552f02f34b9e3fa8365d93f8342b2a8b830ebdde895d0ef723febd654
-
SSDEEP
1536:1olet0i5HSkETzl72B3PEUW73KW5igFUulERGg0GohJnouy8HKyL:met0WHxETzl7sfJ5jgFeRG/Tfoutq
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-