General
-
Target
a792a0198a28b335187c52822723f91fea12f3cd89e021ca7733f43d815b2bdb
-
Size
151KB
-
Sample
221126-vytn2sec61
-
MD5
46b84f8c42897c26680d1b5193c615db
-
SHA1
032ca1cfdc9a45adf858c48d0bf9644294c26e3a
-
SHA256
a792a0198a28b335187c52822723f91fea12f3cd89e021ca7733f43d815b2bdb
-
SHA512
51dd052f3c278f2f2cc7255cd5855584e513989b1b169145f877325218118533ca5c53cfade242f74235ae2679781c45062914b52f14833ccf6d974cfca1b097
-
SSDEEP
3072:FUF5yMgUTNKsrvjXchNOBROkk+dSe/FG1AvM:iIGNBvjMzzkk+dXq
Malware Config
Extracted
pony
http://d-mmoney.favcc1.com/gate.php
-
payload_url
http://d-mmoney.favcc1.com/shit.exe
Targets
-
-
Target
a792a0198a28b335187c52822723f91fea12f3cd89e021ca7733f43d815b2bdb
-
Size
151KB
-
MD5
46b84f8c42897c26680d1b5193c615db
-
SHA1
032ca1cfdc9a45adf858c48d0bf9644294c26e3a
-
SHA256
a792a0198a28b335187c52822723f91fea12f3cd89e021ca7733f43d815b2bdb
-
SHA512
51dd052f3c278f2f2cc7255cd5855584e513989b1b169145f877325218118533ca5c53cfade242f74235ae2679781c45062914b52f14833ccf6d974cfca1b097
-
SSDEEP
3072:FUF5yMgUTNKsrvjXchNOBROkk+dSe/FG1AvM:iIGNBvjMzzkk+dXq
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-