General
-
Target
fa51b723373af0cf2075d77d58592af31b4e9e847511c985b7b67a8aa8cbb905
-
Size
260KB
-
Sample
230804-e52p8she56
-
MD5
4d2b396ed30c6f2c9525ab5f1a2be07c
-
SHA1
d947466f063adc2ca06558ba192f1169b09418f2
-
SHA256
fa51b723373af0cf2075d77d58592af31b4e9e847511c985b7b67a8aa8cbb905
-
SHA512
dc6a25abeb77b08e58348cdafaddf7fdce8acbf4ccdeb96a7c71f1de529de5b44dd53ac1937c420e1fa748ba541acfac41b2f35307c0a6e452649484f9d06a4c
-
SSDEEP
3072:R9EBmY4qOCOp1zigKqWbyPpWI6/0/MrHmk0LrdFFCprMv6H7UyJ:HEQCaibN2pWIhcHn0cpruiIy
Malware Config
Extracted
pony
http://superiorbroomproducers.com/opjis/UD099/gate.php
Targets
-
-
Target
fa51b723373af0cf2075d77d58592af31b4e9e847511c985b7b67a8aa8cbb905
-
Size
260KB
-
MD5
4d2b396ed30c6f2c9525ab5f1a2be07c
-
SHA1
d947466f063adc2ca06558ba192f1169b09418f2
-
SHA256
fa51b723373af0cf2075d77d58592af31b4e9e847511c985b7b67a8aa8cbb905
-
SHA512
dc6a25abeb77b08e58348cdafaddf7fdce8acbf4ccdeb96a7c71f1de529de5b44dd53ac1937c420e1fa748ba541acfac41b2f35307c0a6e452649484f9d06a4c
-
SSDEEP
3072:R9EBmY4qOCOp1zigKqWbyPpWI6/0/MrHmk0LrdFFCprMv6H7UyJ:HEQCaibN2pWIhcHn0cpruiIy
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-