General
-
Target
664f2c66c1e3c50a93d1b6adc4098155928e17011ac90e338ebea5b58648072d
-
Size
511KB
-
Sample
240909-qt1jkszhnq
-
MD5
7ebc79f51cbe3b54ef4ecec06c57401e
-
SHA1
d84c4873d7ffe658be1a7470ea64f72351fa0b70
-
SHA256
664f2c66c1e3c50a93d1b6adc4098155928e17011ac90e338ebea5b58648072d
-
SHA512
19a2005fd054dd2f7b9b93a2c03f329c61d22d8ea170beba868973472edb373f7d8a5ec39069e2e9831e91e60cc45d5182808b2a0153e976092f58ad99b1c717
-
SSDEEP
3072:MdqJH/xPIGRfQu3IObFUBwxC5VJUkyyaj/:0qDIh+Cn7y3
Malware Config
Extracted
pony
http://66.175.212.25/pony/gate.php
http://69.194.194.238/pony/gate.php
-
payload_url
http://stireadebacau.ro/ey4o.exe
http://baireshop.com.ar/iq7TqVB.exe
http://ppr-corp.com/USg5pJCH.exe
Targets
-
-
Target
664f2c66c1e3c50a93d1b6adc4098155928e17011ac90e338ebea5b58648072d
-
Size
511KB
-
MD5
7ebc79f51cbe3b54ef4ecec06c57401e
-
SHA1
d84c4873d7ffe658be1a7470ea64f72351fa0b70
-
SHA256
664f2c66c1e3c50a93d1b6adc4098155928e17011ac90e338ebea5b58648072d
-
SHA512
19a2005fd054dd2f7b9b93a2c03f329c61d22d8ea170beba868973472edb373f7d8a5ec39069e2e9831e91e60cc45d5182808b2a0153e976092f58ad99b1c717
-
SSDEEP
3072:MdqJH/xPIGRfQu3IObFUBwxC5VJUkyyaj/:0qDIh+Cn7y3
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-