General
-
Target
255316b5f1f77770ed6114ee5e7a8d1e96a33beb461df7aab9cef04cefe41447
-
Size
153KB
-
Sample
221126-sley1sch68
-
MD5
8059a743b5dcb0da273f6b60cd556a28
-
SHA1
f3a02632f2ee80956f5d8b04dfee257085af2c06
-
SHA256
255316b5f1f77770ed6114ee5e7a8d1e96a33beb461df7aab9cef04cefe41447
-
SHA512
1a7be01d1113f0404e8c28cc774b664c4b480c3a9033137fd2bfec59d0032fc0f2052314f0aee354b32ac138eeb488c3dd455a3c28f812e2cea65c9e0510cc77
-
SSDEEP
1536:rYAHtcOa9qgxIvgK8GZdcCYgcORiLQOLufb7ASdltz3+jb:rfZSqgava+mCiORiL+fbkSdHOb
Malware Config
Extracted
pony
http://orangeisabitch.net16.net/gate.php
Targets
-
-
Target
255316b5f1f77770ed6114ee5e7a8d1e96a33beb461df7aab9cef04cefe41447
-
Size
153KB
-
MD5
8059a743b5dcb0da273f6b60cd556a28
-
SHA1
f3a02632f2ee80956f5d8b04dfee257085af2c06
-
SHA256
255316b5f1f77770ed6114ee5e7a8d1e96a33beb461df7aab9cef04cefe41447
-
SHA512
1a7be01d1113f0404e8c28cc774b664c4b480c3a9033137fd2bfec59d0032fc0f2052314f0aee354b32ac138eeb488c3dd455a3c28f812e2cea65c9e0510cc77
-
SSDEEP
1536:rYAHtcOa9qgxIvgK8GZdcCYgcORiLQOLufb7ASdltz3+jb:rfZSqgava+mCiORiL+fbkSdHOb
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-