General
-
Target
10421eb71f8420f21fe56b26e6b8d33d
-
Size
130KB
-
Sample
231224-y1zvmaafb4
-
MD5
10421eb71f8420f21fe56b26e6b8d33d
-
SHA1
b83b6f9136629e9c7e282e7318d5a4a7afd8b6e4
-
SHA256
3635ed77516fae20d8ef98cc451970b81436b13741a0b73fdeae996248a622e3
-
SHA512
02a7c5dccf77b002437739ca2df335c2e2289d1621ebd83ec2fab032a7e59bf9431f6e832d3aa0d01debeb6fa88892a50e35655f6f1b621d5ec4e95c9a369a41
-
SSDEEP
3072:OB8+g8X7vedG7Ne3vP/xk6ok3kpN0DKMeNq:Oa+fbedwNeprDK7q
Malware Config
Extracted
pony
http://108.166.65.182:8080/pony/gate.php
http://aloucakbileti.com:8080/pony/gate.php
-
payload_url
http://ftp.redstar.com.ve/gArUV2f.exe
http://pizzaroma.in/4ZVhz.exe
Targets
-
-
Target
10421eb71f8420f21fe56b26e6b8d33d
-
Size
130KB
-
MD5
10421eb71f8420f21fe56b26e6b8d33d
-
SHA1
b83b6f9136629e9c7e282e7318d5a4a7afd8b6e4
-
SHA256
3635ed77516fae20d8ef98cc451970b81436b13741a0b73fdeae996248a622e3
-
SHA512
02a7c5dccf77b002437739ca2df335c2e2289d1621ebd83ec2fab032a7e59bf9431f6e832d3aa0d01debeb6fa88892a50e35655f6f1b621d5ec4e95c9a369a41
-
SSDEEP
3072:OB8+g8X7vedG7Ne3vP/xk6ok3kpN0DKMeNq:Oa+fbedwNeprDK7q
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-