General
-
Target
e8c74307732c397fe2ea5c4dd32637a574457e7c79c73a653d3b187f0159cf75
-
Size
146KB
-
Sample
221130-c9zqbsec5y
-
MD5
99f5b94c1d1d31a82134b49237e5a92c
-
SHA1
9bdfc09ce414e8c266424621b3e9c264addecdab
-
SHA256
e8c74307732c397fe2ea5c4dd32637a574457e7c79c73a653d3b187f0159cf75
-
SHA512
138fe77c17f25249c2a326c99f5756ade3218466ebe30cca0df496e4b51b8f5dd60a7760e11580aab750ea1e2d358dd0c7d63486ba9b3e1afcd42b509a6255c7
-
SSDEEP
3072:xDDyMnV59baBA5ZjjYrx0Z01FAbZ3eAIplpaJgnGPeg9guc:ByWABAvjjY9JbAb0naePyguc
Malware Config
Extracted
pony
http://66.55.89.150:8080/forum/viewtopic.php
http://66.55.89.151:8080/forum/viewtopic.php
-
payload_url
http://boletin.puntoimpresion.com/Qnrnh53B.exe
http://www.vivaidiportanova.it/55V7.exe
http://www.urbyagri.es/s56k5.exe
http://etradi.webgenshop.nl/xWP.exe
Targets
-
-
Target
e8c74307732c397fe2ea5c4dd32637a574457e7c79c73a653d3b187f0159cf75
-
Size
146KB
-
MD5
99f5b94c1d1d31a82134b49237e5a92c
-
SHA1
9bdfc09ce414e8c266424621b3e9c264addecdab
-
SHA256
e8c74307732c397fe2ea5c4dd32637a574457e7c79c73a653d3b187f0159cf75
-
SHA512
138fe77c17f25249c2a326c99f5756ade3218466ebe30cca0df496e4b51b8f5dd60a7760e11580aab750ea1e2d358dd0c7d63486ba9b3e1afcd42b509a6255c7
-
SSDEEP
3072:xDDyMnV59baBA5ZjjYrx0Z01FAbZ3eAIplpaJgnGPeg9guc:ByWABAvjjY9JbAb0naePyguc
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-