General
-
Target
5f697f9e967d6f2f01beb702cae01a5696444372545381315f68ce00c45902d0
-
Size
2.4MB
-
Sample
230626-3dw8fadc3z
-
MD5
dd609583a5baf83eda150f9365e77067
-
SHA1
d449bd9634d29e429cc1378f171a00b018fd6b44
-
SHA256
5f697f9e967d6f2f01beb702cae01a5696444372545381315f68ce00c45902d0
-
SHA512
695259a378f7ed10cb1ffe7fe9e75f5af0fb6befe3d3333c9dcdb1ab8d2f8365639c033dda9d83738e28b37cf711b65e01395dcf853691ec7e41b1489a5fbcec
-
SSDEEP
24576:F2OTeFxvKLuoucZybHXMDg2cQV09aoz25OVn3GuQ5Y3h3js9shlieh:bTux6ZT0sozGK3Ns9shlFh
Malware Config
Extracted
pony
http://www.alberghi.com:8080/pony/gate.php
http://buyandsmile.atomclick.co:8080/pony/gate.php
-
payload_url
http://ftp.eburneenne.com/7zBY7xS.exe
http://www.spetter.com/mi19YgV.exe
http://photosfoto.com/uTM.exe
http://www.daginternacional.com/trXe.exe
Targets
-
-
Target
5f697f9e967d6f2f01beb702cae01a5696444372545381315f68ce00c45902d0
-
Size
2.4MB
-
MD5
dd609583a5baf83eda150f9365e77067
-
SHA1
d449bd9634d29e429cc1378f171a00b018fd6b44
-
SHA256
5f697f9e967d6f2f01beb702cae01a5696444372545381315f68ce00c45902d0
-
SHA512
695259a378f7ed10cb1ffe7fe9e75f5af0fb6befe3d3333c9dcdb1ab8d2f8365639c033dda9d83738e28b37cf711b65e01395dcf853691ec7e41b1489a5fbcec
-
SSDEEP
24576:F2OTeFxvKLuoucZybHXMDg2cQV09aoz25OVn3GuQ5Y3h3js9shlieh:bTux6ZT0sozGK3Ns9shlFh
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Executes dropped EXE
-
Loads dropped DLL
-