General

Target: ee563066adacee209893220ae66841b0d04864a554b24ea7f61e5536733bec1b
Size: 481KB
Sample: 240909-r2cm6award
MD5: d7909b843f272fbfdac7b37de9d4f341
SHA1: 53e482791613223720862fde1cd70b97b31942cd
SHA256: ee563066adacee209893220ae66841b0d04864a554b24ea7f61e5536733bec1b
SHA512: d69dbf6f0ccec45136fde469755c38999211fde8b920baae5caded93bb11c1b4702d640297586a698760411a3ca4db5ba08864b2353ec045d3803fa9e7c76eec
SSDEEP: 3072:S97G00HPz318+p6suzduRm1vZm3V5I9SMu:oG0kkvZmFMf
Static task: static1

Behavioral task: behavioral1
  Sample: ee563066adacee209893220ae66841b0d04864a554b24ea7f61e5536733bec1b.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: ee563066adacee209893220ae66841b0d04864a554b24ea7f61e5536733bec1b.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted family: pony
  http://66.175.212.25/pony/gate.php
  http://69.194.194.238/pony/gate.php
payload_url:
  http://nuolaidos.lsas.lt/0HyztY.exe
  http://files-heaven.net/65rhQ.exe
Targets

Target: ee563066adacee209893220ae66841b0d04864a554b24ea7f61e5536733bec1b
Signatures:

- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.