General
-
Target
22d9300fd61f473d078ed4dac161adf548dda3dbd25834c612949a64a9580bfb
-
Size
31KB
-
Sample
221127-m4wftsff2s
-
MD5
e0cb9be97c1cef47582b920bdfaa1c10
-
SHA1
a2ea67448c352dc51a1d0f77d55bb1da760b8d2b
-
SHA256
22d9300fd61f473d078ed4dac161adf548dda3dbd25834c612949a64a9580bfb
-
SHA512
68123aa13a375c1e710852ed7835ae592d3518fb1403585e5bf1de929c13f4abc9879e459ceb745375dee5cbe664cf0f81d24c28ad20308000d8c4e1befdb3a3
-
SSDEEP
768:rXRBH69uDjpez1AhgQ9ZPj0JFDKQb7tO0Kow:9BaxpAhgex0JFLh/Ko
Malware Config
Extracted
pony
http://safehosters.org/my/gate.php
Targets
-
-
Target
22d9300fd61f473d078ed4dac161adf548dda3dbd25834c612949a64a9580bfb
-
Size
31KB
-
MD5
e0cb9be97c1cef47582b920bdfaa1c10
-
SHA1
a2ea67448c352dc51a1d0f77d55bb1da760b8d2b
-
SHA256
22d9300fd61f473d078ed4dac161adf548dda3dbd25834c612949a64a9580bfb
-
SHA512
68123aa13a375c1e710852ed7835ae592d3518fb1403585e5bf1de929c13f4abc9879e459ceb745375dee5cbe664cf0f81d24c28ad20308000d8c4e1befdb3a3
-
SSDEEP
768:rXRBH69uDjpez1AhgQ9ZPj0JFDKQb7tO0Kow:9BaxpAhgex0JFLh/Ko
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-