General
-
Target
d8fe3e1bdaa3e10800f1b31278d7555a
-
Size
127KB
-
Sample
240320-rfsggsab86
-
MD5
d8fe3e1bdaa3e10800f1b31278d7555a
-
SHA1
4e4be203ae5e72cc2d51ec21c017bd98ae801ff8
-
SHA256
1bd8e2cb6bfe3eb96f72a91ef5884dc1117d7de9e266fa81c0d70cdefc777cce
-
SHA512
d1f6f87baa33ef04500e5a3277f8dfcafab97d64df371c3f32eb4bca5efa099ccd5086ab4400f6456e27d39fd75ddceb53581231f90a6a4248031475fbcf52f6
-
SSDEEP
1536:S+61dbfXj+ZKtb/zxUhPvOXigmBELmbmSIalysxPgHFpyAyrYv0t:+bf/1zxUsmBVbW6wlyrYv0t
Malware Config
Extracted
pony
http://37.59.66.237/pony/gate.php
-
payload_url
http://88.255.85.106/ptgv1qk8.exe
http://motorkid.pl/BMU1qbTA.exe
http://198.106.90.79/ykGNga.exe
Targets
-
-
Target
d8fe3e1bdaa3e10800f1b31278d7555a
-
Size
127KB
-
MD5
d8fe3e1bdaa3e10800f1b31278d7555a
-
SHA1
4e4be203ae5e72cc2d51ec21c017bd98ae801ff8
-
SHA256
1bd8e2cb6bfe3eb96f72a91ef5884dc1117d7de9e266fa81c0d70cdefc777cce
-
SHA512
d1f6f87baa33ef04500e5a3277f8dfcafab97d64df371c3f32eb4bca5efa099ccd5086ab4400f6456e27d39fd75ddceb53581231f90a6a4248031475fbcf52f6
-
SSDEEP
1536:S+61dbfXj+ZKtb/zxUhPvOXigmBELmbmSIalysxPgHFpyAyrYv0t:+bf/1zxUsmBVbW6wlyrYv0t
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-