General
-
Target
823fabeb0d8ba3cba61b5070c3d8b7d09afb899713edf80055ebc4c4183e8c45
-
Size
146KB
-
Sample
221201-czpsdabb4z
-
MD5
b96ec8c2cb9e119dca275adc92e6e49e
-
SHA1
a76c4349854daf4d173bf7199f130f6c2a97afb1
-
SHA256
823fabeb0d8ba3cba61b5070c3d8b7d09afb899713edf80055ebc4c4183e8c45
-
SHA512
3515f9714f1939928bcda1df5f9b78b362aff8779ae6de9029ac64077d724e0c519f9e77199c5f4ffab0d6b546e3c19735bc68ddd51b247402952b1f4c3277ee
-
SSDEEP
3072:xDDyMnV5JF7MbwZThTHbfPb0/tbS1zNB0paJayltUQ9u:ByWLMbmThT77ytb+4ahl39u
Malware Config
Extracted
pony
http://66.55.89.149:8080/forum/viewtopic.php
http://66.55.89.150:8080/forum/viewtopic.php
-
payload_url
http://caseprojetos.com.br/QZDaA7Q.exe
http://user4699.vs.easily.co.uk/LSmC7c5N.exe
http://arabcoegypt.com/VE3z2p.exe
Targets
-
-
Target
823fabeb0d8ba3cba61b5070c3d8b7d09afb899713edf80055ebc4c4183e8c45
-
Size
146KB
-
MD5
b96ec8c2cb9e119dca275adc92e6e49e
-
SHA1
a76c4349854daf4d173bf7199f130f6c2a97afb1
-
SHA256
823fabeb0d8ba3cba61b5070c3d8b7d09afb899713edf80055ebc4c4183e8c45
-
SHA512
3515f9714f1939928bcda1df5f9b78b362aff8779ae6de9029ac64077d724e0c519f9e77199c5f4ffab0d6b546e3c19735bc68ddd51b247402952b1f4c3277ee
-
SSDEEP
3072:xDDyMnV5JF7MbwZThTHbfPb0/tbS1zNB0paJayltUQ9u:ByWLMbmThT77ytb+4ahl39u
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-