General
-
Target
6606691162289f7d485a0a7473a9ba35dc453c9c35ceb0e9cf2c0009b0ff27f0
-
Size
83KB
-
Sample
221127-m4tbgaca38
-
MD5
d55af245b2121021c266e519e364839c
-
SHA1
9933c10c4e3361c574c8c8e1f922a9c3fd06bc45
-
SHA256
6606691162289f7d485a0a7473a9ba35dc453c9c35ceb0e9cf2c0009b0ff27f0
-
SHA512
ef869d7f72d1d37e868f48acb31493404a651ea6140076f42c026ffb30e34af5e617bacc15795d47dd82823ffbb6ebdb5d87dfa5a08b7a82f1804e4aa45a5e11
-
SSDEEP
1536:3c4RANumqThI/wdgqGbTtqaQehAVqCOF/aOmhTYEPEkzmxl:NGSgqEqaQ3XOk0EPIxl
Malware Config
Extracted
pony
http://elfmakine.com/turkphp/gate.php
-
payload_url
http://elfmakine.com/turkphp/turk.exe
Targets
-
-
Target
6606691162289f7d485a0a7473a9ba35dc453c9c35ceb0e9cf2c0009b0ff27f0
-
Size
83KB
-
MD5
d55af245b2121021c266e519e364839c
-
SHA1
9933c10c4e3361c574c8c8e1f922a9c3fd06bc45
-
SHA256
6606691162289f7d485a0a7473a9ba35dc453c9c35ceb0e9cf2c0009b0ff27f0
-
SHA512
ef869d7f72d1d37e868f48acb31493404a651ea6140076f42c026ffb30e34af5e617bacc15795d47dd82823ffbb6ebdb5d87dfa5a08b7a82f1804e4aa45a5e11
-
SSDEEP
1536:3c4RANumqThI/wdgqGbTtqaQehAVqCOF/aOmhTYEPEkzmxl:NGSgqEqaQ3XOk0EPIxl
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-