General
-
Target
b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
-
Size
277KB
-
Sample
221127-m4c99abh92
-
MD5
c6c3ba4866fb932570e4356230303b17
-
SHA1
79cc4cc09cb198bcd7ad9493d12e060f1f417cfd
-
SHA256
b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
-
SHA512
912340f206ec369cdec6f4d7ad0705ad38d0f2ce3b6c59fc78d4749c8bbdeeb6b665064d27c49a6488a155e900b24658ee8995e6742d0321612a36aecddcca50
-
SSDEEP
6144:hiPQ6Db/XmqhLthQ/MUR3EjNZzycExUaGSMywRlpAvhQKV5JS18tuuuC:3Eb/mD/MUR3EZIcEySbspIhQKV5418tO
Malware Config
Extracted
pony
http://asusoftware.no-ip.org/pon/gate.php
Targets
-
-
Target
b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
-
Size
277KB
-
MD5
c6c3ba4866fb932570e4356230303b17
-
SHA1
79cc4cc09cb198bcd7ad9493d12e060f1f417cfd
-
SHA256
b65da4f2e98c74864da51f583efac94e553baa82589bdf079b67512e91e8054b
-
SHA512
912340f206ec369cdec6f4d7ad0705ad38d0f2ce3b6c59fc78d4749c8bbdeeb6b665064d27c49a6488a155e900b24658ee8995e6742d0321612a36aecddcca50
-
SSDEEP
6144:hiPQ6Db/XmqhLthQ/MUR3EjNZzycExUaGSMywRlpAvhQKV5JS18tuuuC:3Eb/mD/MUR3EZIcEySbspIhQKV5418tO
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-