General
-
Target
12fa1157b1ba0ec3fce4e503bf0e884a8e2c1be2714e604030b84db0c96f5200
-
Size
113KB
-
Sample
221202-a8nkkabh9s
-
MD5
1628ae15a7140a3385efa6c422089458
-
SHA1
f2a90c19c490d7877118c611499bb23c7731688c
-
SHA256
12fa1157b1ba0ec3fce4e503bf0e884a8e2c1be2714e604030b84db0c96f5200
-
SHA512
132870ab2efa072973ee6ae7503c43c3fae01ba249090c5ac6db124304f41796750361d8e6b7147baffbb383fd837fa528660f8ce15b0dfdb24d674e4ed89339
-
SSDEEP
1536:LUZdGLay+9G8A+jbEmYjXdMfdBXwVYSFkzXOWRHyqgV/AjkF9K/uCk:LUZdGLaz9G8BakBXMYSFSXOWNo/D
Malware Config
Extracted
pony
http://luxrebags.com/forum/viewtopic.php
http://luxrybags.com/forum/viewtopic.php
http://luxurybrandswalla.com/forum/viewtopic.php
http://mickmicheyl.biz/forum/viewtopic.php
-
payload_url
http://imagesuperspot.com/6ptP.exe
http://1954f7e942e67bc1.lolipop.jp/d2z.exe
http://ropapublicitaria.es/5VWumA1.exe
http://colombiantravelservices.com/ucUMruv.exe
Targets
-
-
Target
12fa1157b1ba0ec3fce4e503bf0e884a8e2c1be2714e604030b84db0c96f5200
-
Size
113KB
-
MD5
1628ae15a7140a3385efa6c422089458
-
SHA1
f2a90c19c490d7877118c611499bb23c7731688c
-
SHA256
12fa1157b1ba0ec3fce4e503bf0e884a8e2c1be2714e604030b84db0c96f5200
-
SHA512
132870ab2efa072973ee6ae7503c43c3fae01ba249090c5ac6db124304f41796750361d8e6b7147baffbb383fd837fa528660f8ce15b0dfdb24d674e4ed89339
-
SSDEEP
1536:LUZdGLay+9G8A+jbEmYjXdMfdBXwVYSFkzXOWRHyqgV/AjkF9K/uCk:LUZdGLaz9G8BakBXMYSFSXOWNo/D
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-