General
-
Target
D9E0BE40DB0545D6150990074F3C3409093C458E0416E.exe.bin
-
Size
144KB
-
Sample
230501-xcbmfsfc9x
-
MD5
ab468a5b5cd9470c0895097efa2a687f
-
SHA1
cfc1453e3c7c7dd991d6ce775dc8b75b44924f0e
-
SHA256
d9e0be40db0545d6150990074f3c3409093c458e0416ed81f6d01bd5151c8501
-
SHA512
13d5902fe60a3e378b4d6eb6e7acaa3d4c7c6d33323a6b90c266b0a8638d4fc36a9022591302918488871f0df842584af458c712582dda7b73fcc84707165131
-
SSDEEP
3072:wFjojAOl6xZVIT3zF4AceNwcmlV84b7PiqmqcEjTh/Y6SeXOxDL/w1lV/:onxZececlzbjivqL
Malware Config
Extracted
pony
http://www.cordilleraescalera.com/images/2.gif/gate.php
Targets
-
-
Target
D9E0BE40DB0545D6150990074F3C3409093C458E0416E.exe.bin
-
Size
144KB
-
MD5
ab468a5b5cd9470c0895097efa2a687f
-
SHA1
cfc1453e3c7c7dd991d6ce775dc8b75b44924f0e
-
SHA256
d9e0be40db0545d6150990074f3c3409093c458e0416ed81f6d01bd5151c8501
-
SHA512
13d5902fe60a3e378b4d6eb6e7acaa3d4c7c6d33323a6b90c266b0a8638d4fc36a9022591302918488871f0df842584af458c712582dda7b73fcc84707165131
-
SSDEEP
3072:wFjojAOl6xZVIT3zF4AceNwcmlV84b7PiqmqcEjTh/Y6SeXOxDL/w1lV/:onxZececlzbjivqL
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-