General
-
Target
4909dc45f782807de96c317c2a31bbb827682be96ab898ddc809a4172eb44f64
-
Size
419KB
-
Sample
221127-m4ajcsbh86
-
MD5
a1d9f54eedc9f8e520ea366e8e7143f3
-
SHA1
95fdaca94b6c851128c64f7cc678b4c0f1b8884c
-
SHA256
4909dc45f782807de96c317c2a31bbb827682be96ab898ddc809a4172eb44f64
-
SHA512
706b0705bd738f36b9e25e9085fba993378bd35917963ddad992924a9491147f053d58eb1b600d1cde591ae53f81fc11f1d3b88a2bceca49df2938d091d3c90f
-
SSDEEP
6144:DszIafL4ujfV8mxCMERv2EoCjWus8vvht+cN/IxPQ5Vo+xuMa46:DoIafUWVHcveOWuRvvhEs/I4TkMa46
Malware Config
Extracted
pony
http://asusoftware.no-ip.org/pon/gate.php
Targets
-
-
Target
4909dc45f782807de96c317c2a31bbb827682be96ab898ddc809a4172eb44f64
-
Size
419KB
-
MD5
a1d9f54eedc9f8e520ea366e8e7143f3
-
SHA1
95fdaca94b6c851128c64f7cc678b4c0f1b8884c
-
SHA256
4909dc45f782807de96c317c2a31bbb827682be96ab898ddc809a4172eb44f64
-
SHA512
706b0705bd738f36b9e25e9085fba993378bd35917963ddad992924a9491147f053d58eb1b600d1cde591ae53f81fc11f1d3b88a2bceca49df2938d091d3c90f
-
SSDEEP
6144:DszIafL4ujfV8mxCMERv2EoCjWus8vvht+cN/IxPQ5Vo+xuMa46:DoIafUWVHcveOWuRvvhEs/I4TkMa46
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-