General
Target: cdeb727b2d764ac2fa88c0f4ef0ef960N.exe
Size: 188KB
Sample: 240906-cp7v7s1dpg
MD5: cdeb727b2d764ac2fa88c0f4ef0ef960
SHA1: e2fee305cb007cbdba982cfd3d20a9dea71a38bd
SHA256: 63e4f866a3a512b1e7505da3e719289cd1d85f93613f7b3648852e1bad2bb8d3
SHA512: 69db42bebbd7bbbdd93b4efbbce2bc721bf5a584f3203fc7b6a0dd54797bc4a9c97d8b714702997cc90075f43abe4cd8e8f951febf79907d586dbb94219fef51
SSDEEP: 3072:ORMNTS+R5M0zKzivJXa93MVPbL0cMDNIdEnoOH30Tt:OON++R5z8Y1alKzL0cXdEoe6
Static task: static1
Behavioral task: behavioral1
  Sample: cdeb727b2d764ac2fa88c0f4ef0ef960N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: cdeb727b2d764ac2fa88c0f4ef0ef960N.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: pony
C2:
  http://classicmodels.at:8080/forum/viewtopic.php
  http://diva-code.at:8080/forum/viewtopic.php
payload_url:
  http://bymcomunica.com.br/1jWUh8g.exe
  http://ftp.architektur-gleis.at/i3NiK11U.exe
  http://3d-cam.com/5361PU.exe
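The extracted config is only useful once it is turned into something that can be matched against traffic and files. The script below is an added example written for this page; it is not part of the sandbox report or of any tooling the sandbox ships. It treats the two viewtopic.php URLs as the Pony C2 gates and the payload_url entries as loader downloads, as the config keys indicate, indexes them by host and path (ignoring the port so a gate reached on :80 instead of :8080 still hits), scans a constructed proxy log in an assumed "timestamp client method url status" format, defangs hits for reporting, lists the clients that actually reached a gate or pulled a payload, and checks a file's bytes against the MD5, SHA1 and SHA256 the report publishes. The log lines are constructed for the example and are not from the report.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied verbatim from the extracted Pony config in this report.
PONY_C2 = [
    "http://classicmodels.at:8080/forum/viewtopic.php",
    "http://diva-code.at:8080/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://bymcomunica.com.br/1jWUh8g.exe",
    "http://ftp.architektur-gleis.at/i3NiK11U.exe",
    "http://3d-cam.com/5361PU.exe",
]
# File hashes from the report, for confirming that a file on disk is this sample.
REPORT_HASHES = {
    "md5": "cdeb727b2d764ac2fa88c0f4ef0ef960",
    "sha1": "e2fee305cb007cbdba982cfd3d20a9dea71a38bd",
    "sha256": "63e4f866a3a512b1e7505da3e719289cd1d85f93613f7b3648852e1bad2bb8d3",
}

# (hostname, path) -> indicator type. The port is deliberately left out of the
# key so a gate contacted on :80 instead of :8080 still matches.
INDEX = {}
for _u in PONY_C2:
    INDEX[(urlparse(_u).hostname, urlparse(_u).path)] = "pony_c2"
for _u in PONY_PAYLOAD_URLS:
    INDEX[(urlparse(_u).hostname, urlparse(_u).path)] = "pony_payload"
KNOWN_HOSTS = {host for host, _ in INDEX}


def defang(url):
    """Rewrite a URL so mail clients and chat tools do not auto-link it."""
    p = urlparse(url)
    scheme = p.scheme.replace("http", "hxxp")
    return f"{scheme}://{p.netloc.replace('.', '[.]')}{p.path}"


def classify(url):
    """Return the indicator type for a request URL, or None if it is not one."""
    p = urlparse(url)
    kind = INDEX.get((p.hostname, p.path))
    if kind:
        return kind
    if p.hostname in KNOWN_HOSTS:
        return "pony_host"   # known infrastructure, but a path the config does not list
    return None


def scan_proxy_log(text):
    """Parse 'timestamp client method url status' lines and return the hits."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue   # skip blank or malformed lines rather than crash mid-scan
        ts, client, method, url, status = fields
        kind = classify(url)
        if kind:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "status": status, "kind": kind})
    return hits


def infected_clients(hits):
    """Clients that reached a listed C2 gate or fetched a listed payload."""
    return sorted({h["client"] for h in hits
                   if h["kind"] in ("pony_c2", "pony_payload")})


def verify_sample(data):
    """Check file bytes against every hash the report publishes."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


# Constructed proxy log (not from the report): one clean request, two C2
# check-ins, one payload download, and one visit to a listed host on an
# unlisted path.
SAMPLE_PROXY_LOG = """\
2024-09-06T12:01:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2024-09-06T12:01:09Z 10.0.0.15 POST http://classicmodels.at:8080/forum/viewtopic.php 200
2024-09-06T12:01:11Z 10.0.0.15 GET http://bymcomunica.com.br/1jWUh8g.exe 200
2024-09-06T12:02:30Z 10.0.0.22 GET http://3d-cam.com/index.html 200
2024-09-06T12:03:00Z 10.0.0.15 POST http://diva-code.at:8080/forum/viewtopic.php 200
"""

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for h in found:
        print(f"{h['ts']} {h['client']} {h['kind']:13} {h['method']} {defang(h['url'])}")
    print("clients to isolate:", infected_clients(found))
```

The host-only tier ("pony_host") is kept separate from the exact-URL tiers on purpose: a hit on a listed host with an unlisted path is worth a look, but only a check-in to a gate or a payload fetch is strong enough on its own to put a client on the isolation list.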
Targets
Target: cdeb727b2d764ac2fa88c0f4ef0ef960N.exe
Size: 188KB
MD5: cdeb727b2d764ac2fa88c0f4ef0ef960
SHA1: e2fee305cb007cbdba982cfd3d20a9dea71a38bd
SHA256: 63e4f866a3a512b1e7505da3e719289cd1d85f93613f7b3648852e1bad2bb8d3
SHA512: 69db42bebbd7bbbdd93b4efbbce2bc721bf5a584f3203fc7b6a0dd54797bc4a9c97d8b714702997cc90075f43abe4cd8e8f951febf79907d586dbb94219fef51
SSDEEP: 3072:ORMNTS+R5M0zKzivJXa93MVPbL0cMDNIdEnoOH30Tt:OON++R5z8Y1alKzL0cXdEoe6
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.