General
-
Target
81a268c6eaa762446aa171f3e56b6dadd69cda61f683699e707dbdbb4fc160ff
-
Size
101KB
-
Sample
221201-c2a21afh28
-
MD5
aa09f146911ed89b179dda19d7ae0134
-
SHA1
eec57d849aa1687590ff9af5fd92a9783613d9ea
-
SHA256
81a268c6eaa762446aa171f3e56b6dadd69cda61f683699e707dbdbb4fc160ff
-
SHA512
17434adb69a6a06fc7004d1efa94716fcceb6d042b70b93988d51dcda8632aeed8b2115579be2371a1366ff11a0dea61b30b15a24a3ed0faf355cb6c116a0f26
-
SSDEEP
1536:51sY+pnWYfw6P64P8ev+4aAq4qsSEK4aAKuLaYvaGc7wFA1rU11B8xTBknclC6bh:4Ke3XFMEA+8Hbtr
Malware Config
Extracted
pony
http://antichat.pro/1f5s5rd5wer.php
-
payload_url
http://scanhost.pro/setup.exe
Targets
-
-
Target
81a268c6eaa762446aa171f3e56b6dadd69cda61f683699e707dbdbb4fc160ff
-
Size
101KB
-
MD5
aa09f146911ed89b179dda19d7ae0134
-
SHA1
eec57d849aa1687590ff9af5fd92a9783613d9ea
-
SHA256
81a268c6eaa762446aa171f3e56b6dadd69cda61f683699e707dbdbb4fc160ff
-
SHA512
17434adb69a6a06fc7004d1efa94716fcceb6d042b70b93988d51dcda8632aeed8b2115579be2371a1366ff11a0dea61b30b15a24a3ed0faf355cb6c116a0f26
-
SSDEEP
1536:51sY+pnWYfw6P64P8ev+4aAq4qsSEK4aAKuLaYvaGc7wFA1rU11B8xTBknclC6bh:4Ke3XFMEA+8Hbtr
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-