General
-
Target
4043bb6f0ab9541ddfb640ae23aa2de05aa5b5d4fd5867fecb8dd41d2567a813
-
Size
91KB
-
Sample
221202-xkswpsde79
-
MD5
37426d0662f2493a1d94fe0eecc1a820
-
SHA1
362256fab30455702609853be50dd757e3d06755
-
SHA256
4043bb6f0ab9541ddfb640ae23aa2de05aa5b5d4fd5867fecb8dd41d2567a813
-
SHA512
210e8193d80085668c835489ff37f69f47bf1d773e384641bb2be54e4dab4feb2f7758ae4b0dd92e920b623c880e8d391cbc465909d79ba9a3c0b903ebcc8b60
-
SSDEEP
1536:gNOiu0H254qTJVEGB8uMv0dJoxiaNrU5QWgjQOlcWTvRtkzbQ/N:yBzHmTC0Pqi048QOlsQ/N
Malware Config
Extracted
pony
http://fillmaka.com/forum/viewtopic.php
http://fillmmaka.com/forum/viewtopic.php
http://filmaka.biz/forum/viewtopic.php
http://filmaka.co.uk/forum/viewtopic.php
-
payload_url
http://mobilidea.com.mx/4ME7W3.exe
http://landhausbakery.com/nNF.exe
http://www.rethemniotikokarnavali.gr/ZJfMPCJG.exe
Targets
-
-
Target
4043bb6f0ab9541ddfb640ae23aa2de05aa5b5d4fd5867fecb8dd41d2567a813
-
Size
91KB
-
MD5
37426d0662f2493a1d94fe0eecc1a820
-
SHA1
362256fab30455702609853be50dd757e3d06755
-
SHA256
4043bb6f0ab9541ddfb640ae23aa2de05aa5b5d4fd5867fecb8dd41d2567a813
-
SHA512
210e8193d80085668c835489ff37f69f47bf1d773e384641bb2be54e4dab4feb2f7758ae4b0dd92e920b623c880e8d391cbc465909d79ba9a3c0b903ebcc8b60
-
SSDEEP
1536:gNOiu0H254qTJVEGB8uMv0dJoxiaNrU5QWgjQOlcWTvRtkzbQ/N:yBzHmTC0Pqi048QOlsQ/N
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-