General
-
Target
5647edb34351bf85222b4300e2b6870f446a7c66734297c1badea233d335b5b3
-
Size
108KB
-
Sample
221128-tpchqsga33
-
MD5
e1dae56a7ae2bfd3718009fae97a8e70
-
SHA1
9db80f9094f0f91b949fb8d6ee98b5da70387a55
-
SHA256
5647edb34351bf85222b4300e2b6870f446a7c66734297c1badea233d335b5b3
-
SHA512
c1e1f8d933cc7a75c02d2647724813542b04a99df05adfb929cf59d8e7f4af866f9fa4bbf6d1efc614294640053222bab5ec5a16ab88ff507ffa1b8f45f7f07a
-
SSDEEP
3072:JCAQAQfuT+9MQIvx6V1P84hfNNzULy/1EW6:LHvQZ1UAbzX/v
Malware Config
Extracted
pony
http://orangeisabitch.net16.net/gate.php
Targets
-
-
Target
5647edb34351bf85222b4300e2b6870f446a7c66734297c1badea233d335b5b3
-
Size
108KB
-
MD5
e1dae56a7ae2bfd3718009fae97a8e70
-
SHA1
9db80f9094f0f91b949fb8d6ee98b5da70387a55
-
SHA256
5647edb34351bf85222b4300e2b6870f446a7c66734297c1badea233d335b5b3
-
SHA512
c1e1f8d933cc7a75c02d2647724813542b04a99df05adfb929cf59d8e7f4af866f9fa4bbf6d1efc614294640053222bab5ec5a16ab88ff507ffa1b8f45f7f07a
-
SSDEEP
3072:JCAQAQfuT+9MQIvx6V1P84hfNNzULy/1EW6:LHvQZ1UAbzX/v
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-