General
Target: d4612d3f05b869c71d47f3e13887d217b423c9f454edd59074f816cf3f40302aN
Size: 134KB
Sample: 240920-2at38s1fkh
MD5: e37175b0dda237e5c581c7836e456f30
SHA1: cd3dd88bcebdcce00c95b0a7c13ade24729f959e
SHA256: d4612d3f05b869c71d47f3e13887d217b423c9f454edd59074f816cf3f40302a
SHA512: 2ee077d20a1a31af78eda0871ce28073292b3b7d26a573754b7034b482693571fbf47de8a2192ef14624847e5761e4cf6bcbbb2406fe325b3f5683dcf83bd44e
SSDEEP: 3072:JAtE76G8HyyNg1xYFeP6mo1GcUkcm0eqQ:utcqPNgjbk30zQ
Static task: static1
Behavioral task: behavioral1
Sample: d4612d3f05b869c71d47f3e13887d217b423c9f454edd59074f816cf3f40302aN.exe
Resource: win7-20240903-en
Malware Config
Extracted: pony
http://momus.com.tw:8080/pony/gate.php
payload_url:
http://alcaponecigarillos.com/RdKtpaU.exe
http://freegermanpornsex.com/YiHVUjb.exe
http://www.cuboderoda.com.br/vPhQ.exe
Targets
Target: d4612d3f05b869c71d47f3e13887d217b423c9f454edd59074f816cf3f40302aN
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of the web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext