General
-
Target
bff27f8e21892803695b2b5fbcb7e21378244fbde4c44fa611c5e5fa98b549ce
-
Size
254KB
-
Sample
221126-z3t8laed88
-
MD5
8c89b6d5c462d5acf263595847ec4b73
-
SHA1
4470bc92f00abc47253bdfa44bc31c7ae7caa45f
-
SHA256
bff27f8e21892803695b2b5fbcb7e21378244fbde4c44fa611c5e5fa98b549ce
-
SHA512
8b6e4406be7a7e22ca5029e74fe9c24ef9d6a384098ed047d847297f578ab8d5601708c403f168a0c990763b61ae945e44ef07419896f7fd6f2f4c5162fb37c1
-
SSDEEP
3072:QQorU9oV62DZCVKxHvhNmQtsZv2Wbacl7U6TxnwXPq2vAlywrKft4ZZf3FPkAXvt:TorU9oV6oxHpLtS72cBfwC240mF
Malware Config
Extracted
pony
http://shoptoolgtav.craym.eu/gate.php
Targets
-
-
Target
bff27f8e21892803695b2b5fbcb7e21378244fbde4c44fa611c5e5fa98b549ce
-
Size
254KB
-
MD5
8c89b6d5c462d5acf263595847ec4b73
-
SHA1
4470bc92f00abc47253bdfa44bc31c7ae7caa45f
-
SHA256
bff27f8e21892803695b2b5fbcb7e21378244fbde4c44fa611c5e5fa98b549ce
-
SHA512
8b6e4406be7a7e22ca5029e74fe9c24ef9d6a384098ed047d847297f578ab8d5601708c403f168a0c990763b61ae945e44ef07419896f7fd6f2f4c5162fb37c1
-
SSDEEP
3072:QQorU9oV62DZCVKxHvhNmQtsZv2Wbacl7U6TxnwXPq2vAlywrKft4ZZf3FPkAXvt:TorU9oV6oxHpLtS72cBfwC240mF
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-