General
-
Target
61867e380f054db5c1d21aff69bf0c213d81503ef7a0d9817efba62f051115cf
-
Size
144KB
-
Sample
221203-epva8agd4z
-
MD5
da02d6b381addbffa81aad15d0b6a05a
-
SHA1
0180b4bcd3803aa7196adaaef7c33f057fdebc03
-
SHA256
61867e380f054db5c1d21aff69bf0c213d81503ef7a0d9817efba62f051115cf
-
SHA512
1fbc09544ed85b484f9d435db92a9223b863ed1d667fb6c43b84670aa824e1ea7d205df2d4b8e60bdfb15e1c653a32438a444ebd9ccb73c270badb91dedd8960
-
SSDEEP
3072:s0IYwk7xA1PHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkd8Sn8YoLLVrbwzuaj2rH0
Malware Config
Extracted
pony
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
-
payload_url
http://orion.obidigital.net/d09ZhGf.exe
http://ftp.lastraautosport.com.ar/xjH.exe
Targets
-
-
Target
61867e380f054db5c1d21aff69bf0c213d81503ef7a0d9817efba62f051115cf
-
Size
144KB
-
MD5
da02d6b381addbffa81aad15d0b6a05a
-
SHA1
0180b4bcd3803aa7196adaaef7c33f057fdebc03
-
SHA256
61867e380f054db5c1d21aff69bf0c213d81503ef7a0d9817efba62f051115cf
-
SHA512
1fbc09544ed85b484f9d435db92a9223b863ed1d667fb6c43b84670aa824e1ea7d205df2d4b8e60bdfb15e1c653a32438a444ebd9ccb73c270badb91dedd8960
-
SSDEEP
3072:s0IYwk7xA1PHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkd8Sn8YoLLVrbwzuaj2rH0
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-