General

  • Target

    879438326a1e539458d37ec4fc8b3cac06fe058ece91a0586516110584858e97

  • Size

    42KB

  • Sample

    240419-wnp4jscc2z

  • MD5

    fed6bbf80ccd4a78bebca3102312f1f4

  • SHA1

    2c9846cd7f317f381426b6b9c55fe787f2d8784b

  • SHA256

    879438326a1e539458d37ec4fc8b3cac06fe058ece91a0586516110584858e97

  • SHA512

    13eb655d84a8070525fc94de073f6c6e8e222d559471c0d9ef5af37f4d9ce85215c757e1497f1705abf8e6509c5cd8038b9ee75f6e7a7712bbe911b6af7dc527

  • SSDEEP

    768:6/yZPG/Cu/2jCNOZoe1CFYk5ah1s2jMg2DISsh61EBF5sDCuQzR+PGS2T:PdcICNqoeUYk8h1sP9sF53uQz0PU

Malware Config

Extracted

Family

pony

C2

http://br1.irontrial.com:8080/ponyd/gate.php

http://br1.pineapplesdonthavesleeves.com:8080/ponyd/gate.php

http://89.166.50.40:8080/ponyd/gate.php

http://6.magicalomaha.co/ponyd/gate.php

Attributes

  • payload_url

    http://homeschooldressage.com/2Q3.exe

    http://ftp.sveikasdumas.lt/9oQB5YNa.exe

    http://sol-electrica.com/dbsQ.exe

    http://stockinter.intersport.es/MU4jW3pk.exe

    http://healthblognetworks.com/Nt5p7X.exe

    http://energy-without-carbon.com/YPHHERQ.exe

    http://efumi.bokunenjin.com/wXQy.exe

Targets

    • Target

      45eb8716cd1d4836a4d1a620c1936c9a0342b340c9987a67501c3226dda61731.exe

    • Size

      90KB

    • MD5

      ab02eb6c6027099212b02fd88b33a4d0

    • SHA1

      76e96a0f0b25597e8c55be091bd1fb6dcf1400fe

    • SHA256

      45eb8716cd1d4836a4d1a620c1936c9a0342b340c9987a67501c3226dda61731

    • SHA512

      313d780c7902f6f24e969a79155dcb7450411c3cdf75cbde3c06d83f65fb3e28d7f75deeaf59b6e5aad62cf6e84daee3f0cd7a765db06a5b347c4d9d9f83916a

    • SSDEEP

      1536:jpy3U89ctqTG4a2SPE3gwzv+vY6Yau/yH4/eu2OycwFTvtEiwkzZEw:VyrcpYgwzveY6zCyH9Oy9HEi7Ew

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks