General
-
Target
53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
-
Size
143KB
-
Sample
221127-m4xc5aca46
-
MD5
021585c4015ba9cadb9e96f16ac3f408
-
SHA1
deab89c569586d4ba314f2854c82ef6c418f68ca
-
SHA256
53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
-
SHA512
2ab0fb30ef725f963a15f94b7c451caf89135b26c068f1382219a74e667e57ea4d03c1f893ee480314fd0d4fd4e3d55b4affc360f76ac28160c05f46107d4720
-
SSDEEP
3072:Xy6VEpmWXoDB4qbnI6MuqtZPHnoXCG295gF9i:HVE1XVqb2XHM2Xg+
Malware Config
Extracted
pony
http://204.145.81.46/pony/gate.php
http://64.111.24.123/pony/gate.php
-
payload_url
http://www.radiooisvira.com/2DnBty.exe
http://cencardelmagdalena.com/NAKud.exe
http://chacaracantinhodoceu.com.br/ZCy3b1.exe
Targets
-
-
Target
53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
-
Size
143KB
-
MD5
021585c4015ba9cadb9e96f16ac3f408
-
SHA1
deab89c569586d4ba314f2854c82ef6c418f68ca
-
SHA256
53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
-
SHA512
2ab0fb30ef725f963a15f94b7c451caf89135b26c068f1382219a74e667e57ea4d03c1f893ee480314fd0d4fd4e3d55b4affc360f76ac28160c05f46107d4720
-
SSDEEP
3072:Xy6VEpmWXoDB4qbnI6MuqtZPHnoXCG295gF9i:HVE1XVqb2XHM2Xg+
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-