General

  • Target

    56a8af6686103a600e85ff47afd70e703e603a9e2c96546209d864ff607b7742

  • Size

    42KB

  • Sample

    240419-wnq1vacc21

  • MD5

    1fe9879e64aeb4451eb44999f9de43e6

  • SHA1

    ce4fa06ea961e0ab4c6246840638ce4f93dbb582

  • SHA256

    56a8af6686103a600e85ff47afd70e703e603a9e2c96546209d864ff607b7742

  • SHA512

    1f8c7721c56325633d57312bdfbfe1410159a83bdb0581068df535a1fc1098666bb93a3cb019e14ade117b8ed777ed9aea812376df51026be9188c3cad3a19cc

  • SSDEEP

    768:6RtREFYA6Lv0JTy3cLdjhaUcZtZGPpgddJ6ZLpKXzmmkMmB7uEvH2ege6WxkRbvR:6RTEW38NZjhaUJPFLoX8kKDmykVR

Malware Config

Extracted

Family

pony

C2

http://116.122.158.195:8080/ponyb/gate.php

http://siteseoguide.com:8080/ponyb/gate.php

http://uksonlinedating.com:8080/ponyb/gate.php

http://199.59.56.105:8080/ponyb/gate.php

Attributes
  • payload_url

    http://02d7935.netsolhost.com/vpT0bkB.exe

    http://www.wellma-reiki.de/iWdD0.exe

    http://mariefredbk.se/FJkD.exe
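As an added example (not part of this report or of the sandbox output), the following Python matches proxy log lines against the C2 and payload URLs extracted above. Exact matches use the URLs as given; the path-only rule rests on the observation that all four extracted C2s use port 8080 and the path /ponyb/gate.php, so a POST to that path on a host the operator has since rotated to is still flagged, and a hit on a C2 hostname alone is reported at lower confidence because the domains may also serve benign content. The log format, the source addresses and the 198.51.100.7 host are constructed for the example.

```python
import re
from urllib.parse import urlparse

# IOCs copied from the extracted Pony config on this page.
C2_URLS = [
    "http://116.122.158.195:8080/ponyb/gate.php",
    "http://siteseoguide.com:8080/ponyb/gate.php",
    "http://uksonlinedating.com:8080/ponyb/gate.php",
    "http://199.59.56.105:8080/ponyb/gate.php",
]
PAYLOAD_URLS = [
    "http://02d7935.netsolhost.com/vpT0bkB.exe",
    "http://www.wellma-reiki.de/iWdD0.exe",
    "http://mariefredbk.se/FJkD.exe",
]


def normalise(url):
    """Reduce a URL to (host, port, path) so case and default-port variations still match."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname or "").lower(), port, p.path or "/"


C2_KEYS = {normalise(u) for u in C2_URLS}
PAYLOAD_KEYS = {normalise(u) for u in PAYLOAD_URLS}
C2_HOSTS = {host for host, _, _ in C2_KEYS}
# Shared by every extracted C2 above; the host is the part operators rotate.
PONY_GATE_PATH = "/ponyb/gate.php"

# Constructed log lines in a simple "timestamp client method url status" layout
# (not taken from the sample run; 198.51.100.7 is a documentation-range address).
SAMPLE_LOG = [
    "2024-04-19T10:00:01Z 10.0.0.5 POST http://116.122.158.195:8080/ponyb/gate.php 200",
    "2024-04-19T10:00:02Z 10.0.0.5 GET http://www.wellma-reiki.de/iWdD0.exe 200",
    "2024-04-19T10:00:03Z 10.0.0.5 POST http://198.51.100.7:8080/ponyb/gate.php 200",
    "2024-04-19T10:00:04Z 10.0.0.9 GET http://www.example.com/index.html 200",
    "2024-04-19T10:00:05Z 10.0.0.9 GET http://siteseoguide.com/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify(line):
    """Return (label, client, url) for a line that matches an IOC, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, port, path = normalise(m["url"])
    key = (host, port, path)
    if key in C2_KEYS:
        label = "c2-exact"            # URL is one of the extracted C2s
    elif key in PAYLOAD_KEYS:
        label = "payload-exact"       # URL is one of the extracted payload_url values
    elif m["method"] == "POST" and path == PONY_GATE_PATH:
        label = "c2-gate-path"        # same gate path, different (rotated) host
    elif host in C2_HOSTS:
        label = "c2-host-only"        # known C2 host, other port/path: lower confidence
    else:
        return None
    return label, m["src"], m["url"]


def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [hit for line in lines if (hit := classify(line)) is not None]


if __name__ == "__main__":
    for label, src, url in scan(SAMPLE_LOG):
        print(f"{label:14} {src:10} {url}")
```

The labels are meant to drive triage priority: an exact C2 or payload hit is enough to pull the host for forensics, a gate-path hit deserves the same treatment once the new host is confirmed, and a host-only hit should be checked against the full request before anyone is paged.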

Targets

    • Target

      486f7e6a9bb25f7e3c9bc8c0b71989e3100bb881c7cb611fb904cc950aa1b051.exe

    • Size

      91KB

    • MD5

      bc5cdf045db5cd6c226fadc10951cce7

    • SHA1

      913d765bc4333f731b66dc5510a0adaa0bd15fc0

    • SHA256

      486f7e6a9bb25f7e3c9bc8c0b71989e3100bb881c7cb611fb904cc950aa1b051

    • SHA512

      8360eedf3f16cefe11d859c5d7dcc3fe34d9a24ecb24986bc8aeffe288d54b43a7ac4ccf2ada4e90d849ea7c10bd4d12785181526c5bf2b8937fe9d37630478b

    • SSDEEP

      1536:ruvKtB9aqToGNj02UyG8Mzh1SQbgxqy4Bo9O2i1O2FTuITvxEKvykzZIcZY:CK9RDG8Mzh1S3MyZqOUjEKvdpY

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan rather than a remote-access tool: it harvests saved logins from FTP clients, web browsers and mail clients, posts them to its gate.php C2, and can download and run further executables (the payload_url entries in the extracted config above).

    • Reads data files stored by FTP clients

      Reads the site-list files that FTP clients keep under the user's profile; for FileZilla these are sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla, which store hostnames, usernames and passwords.

    • Reads user/profile data of web browsers

      Infostealers read the browser's stored profile data (saved passwords, cookies, autofill and form data), which is recoverable from within the logged-on user's session without any further privilege.

    • Accesses Microsoft Outlook accounts

      Reads the account entries stored in the Outlook profile keys under HKCU, where account names, server settings and saved passwords are kept.

    • Accesses Microsoft Outlook profiles

      Enumerates the Outlook profiles themselves (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, or the older Windows Messaging Subsystem\Profiles key) to find the accounts to harvest.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents) to list installed software; an infostealer uses this to find which client applications with known credential stores are present.

MITRE ATT&CK Enterprise v15

Tasks