General
-
Target
810d9f6dea7f4041df04370d34a40c05e2e53fa99546cd1a2a8a949326d0ac74
-
Size
143KB
-
Sample
221203-epw5tada73
-
MD5
4aba0c60706b62873e0be09f6719f6c2
-
SHA1
307d4ad214a8cd054594faff5f728ea36fd25e43
-
SHA256
810d9f6dea7f4041df04370d34a40c05e2e53fa99546cd1a2a8a949326d0ac74
-
SHA512
d830e646b579f30e16a8981165476470ab21f43c7d116e7429e6d36c9ebecd71c0f186345012ebfb1a738344062f45447e122b178975fab5eb29b6088b265fd8
-
SSDEEP
3072:XjlKZelTDnEXN9QkZNGOXkTdCtLfbuCQpZNepaJbbZpk:Jwel4N91NGekTgLbSMahFp
Malware Config
Extracted
pony
http://66.55.89.150:8080/forum/viewtopic.php
http://66.55.89.151:8080/forum/viewtopic.php
-
payload_url
http://aainstalacoeseletricas.com.br/fFp8mz1.exe
http://guvenoptik.com/hbGB.exe
http://bostonfunctions.com/aVH.exe
Targets
-
-
Target
810d9f6dea7f4041df04370d34a40c05e2e53fa99546cd1a2a8a949326d0ac74
-
Size
143KB
-
MD5
4aba0c60706b62873e0be09f6719f6c2
-
SHA1
307d4ad214a8cd054594faff5f728ea36fd25e43
-
SHA256
810d9f6dea7f4041df04370d34a40c05e2e53fa99546cd1a2a8a949326d0ac74
-
SHA512
d830e646b579f30e16a8981165476470ab21f43c7d116e7429e6d36c9ebecd71c0f186345012ebfb1a738344062f45447e122b178975fab5eb29b6088b265fd8
-
SSDEEP
3072:XjlKZelTDnEXN9QkZNGOXkTdCtLfbuCQpZNepaJbbZpk:Jwel4N91NGekTgLbSMahFp
Score10/10-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-