General
-
Target
655b609673a9c27187a7a9f3b7811c7f45e6dc5c0f07029c06ac7608cb1aad87
-
Size
155KB
-
Sample
221126-fgplfach79
-
MD5
a874e6fa36ed26ebeba78ccc8ef763ad
-
SHA1
0621e142dc6a9ff9bd6fb6411a7b517742368ea2
-
SHA256
655b609673a9c27187a7a9f3b7811c7f45e6dc5c0f07029c06ac7608cb1aad87
-
SHA512
2e2bd32ea781db1462a79f9d20e7bd1d3165dd04a99053c2dabbafeee8e95bc183c3b4ff7038f778e82c9a573b441d9c10f503206bb6c5fb564eb0376da4dc36
-
SSDEEP
3072:QfaTgpRM+TqOsz+aSmUAX/N8l8iGmj+4EckcoHDe0ZSqMud6mG:WvfO/NQ9G6ZcK3huFG
Malware Config
Extracted
pony
http://zurekconstruction.com/wp-content/themes/twentythirteen/redirect.php
http://4dpotolki.ru/wp-content/index.php
http://formevip.ru/wp-content/plugins/buddypress/redirect.php
http://my-suba.ru/kernel/includes/redirect.php
http://doc-plastic.ru/pages/gate.php
http://yura.pudul.ru/plyushka/sites/default/redirect.php
http://avrorarealty.com/modules/living/gate.php
http://uk-legal.com.ua/modules/content/test.php
http://aisrf.ru/images/011014.jpg
http://zblog.at.ua/images/011014.dat
http://4dpotolki.ru/wp-content/upgrade/011014.dat
http://all-cs.moy.su/prin/011014.dat
http://auto-billiard.ru/data/PRCENTERAUTBIL/attachments/SC/products_files/011014.dat
http://gid-piter.ru/upload/011014.dat
http://k-dialog.ru/libraries/legacy/form/011014.dat
http://ikt-msk.ru/plugins/finder/011014.dat
http://odsint2.com/js/tiny_mce/utils/st.php?id=do
Targets
-
-
Target
0day warez.url
-
Size
117B
-
MD5
8cbd314b2ad010d3d98b491bf43e17e5
-
SHA1
a2c325f51fbca539ba4257aeb28c7a3f5b7c2c55
-
SHA256
74487459b955a2a5c2139979109005bd2fb1a4c5ba00c6b66e8b09788a32c404
-
SHA512
d3544903e08be65288e6ee057bf98df9646d93381136d8c34df74c99d7c28933f1321bc3575d3a70878cbcb0bfc72f0a0fdc6eea8f4972e4a5af61afee3dae1c
Score1/10 -
-
-
Target
CPLApp.cpl
-
Size
71KB
-
MD5
6e6ff1275216a0c31bbb792b53f47083
-
SHA1
5da5d675ab6873993bdfcc871e2cb08701453fc3
-
SHA256
700573ca11f25afd36f7efaf8309d0eed89dd687e966563ef8faab715666506d
-
SHA512
5856a28b0dd3f3fceeaaba852aef0ccbed1bb8595249fdc83d4b76e9d83aa7bb9c7fd557346b5302ee5ffec979aa8561afa71bae126bf46e3dc16425d51e089a
-
SSDEEP
768:uoeZZay22YPfYl+hZYhTjRFcK9601g6vuoMRhil2rQAbTfSOsMY9cmIILX:5eQ/PfEhTjTgpRMSbTqOsz9c6b
Score1/10 -
-
-
Target
patch.exe
-
Size
131KB
-
MD5
0b42af1852f7f082ec63617d9a39eac9
-
SHA1
7f29ae89ca3e1a6de9ef326eec49e7d119fbaa13
-
SHA256
dd7c054e96f61730670964c414e0e07fee8d1c44564ff183136c6272bdb27ec0
-
SHA512
673eb35c6494c372ccff4eefbc4b62e37b4c83905584913d4524e766abe39c167e93a4e066d609ba6efea360cdda6181ae32b15ed7d8051cc3a9b73ab90c6a8e
-
SSDEEP
3072:7qu3HSWaxXpX0wWd2QDyIlBnU1DDe0ZSqMud6mq:7pXdY0ld2odUdK3huFq
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-