General
-
Target
0961c09b6429f3ba2ea425e4336bd7e962a5491aac99fde53c33264ab80a8f3bN
-
Size
121KB
-
Sample
241019-ht24eavgjj
-
MD5
44f1d88c81bb43a57f00927a254025e0
-
SHA1
204f7587dc4527a4723881be8e35b4b4dc02fd4a
-
SHA256
0961c09b6429f3ba2ea425e4336bd7e962a5491aac99fde53c33264ab80a8f3b
-
SHA512
9bf7887d7faa16df0687761e5e9e4a7d87eaeb7a35a3747f55e8ebcd1d82fb16f90085fcc6f982ebe6303997653a844a646188cab7f128b083005dfad07fef96
-
SSDEEP
1536:TJqBkhKjFgPQNZeFVkJ/eLijGmOi3V5O1H9itGRgtoG1mjMPxGjBXcG+Nj:T14jFqQNZRl7FOiF5IHMGe+GgMGj5I
Malware Config
Extracted
pony
http://nursenextdoor.com:443/forum/viewtopic.php
http://dreamonseniorswish.org:443/forum/viewtopic.php
http://prospexleads.com:8080/forum/viewtopic.php
http://phonebillssuck.com:8080/forum/viewtopic.php
-
payload_url
http://www.osfphotos.org/XbWgrVUL.exe
http://studiobesso.it/hzEWNnX.exe
http://schodel.de/hQ1HZn.exe
Targets
-
-
Target
0961c09b6429f3ba2ea425e4336bd7e962a5491aac99fde53c33264ab80a8f3bN
-
Size
121KB
-
MD5
44f1d88c81bb43a57f00927a254025e0
-
SHA1
204f7587dc4527a4723881be8e35b4b4dc02fd4a
-
SHA256
0961c09b6429f3ba2ea425e4336bd7e962a5491aac99fde53c33264ab80a8f3b
-
SHA512
9bf7887d7faa16df0687761e5e9e4a7d87eaeb7a35a3747f55e8ebcd1d82fb16f90085fcc6f982ebe6303997653a844a646188cab7f128b083005dfad07fef96
-
SSDEEP
1536:TJqBkhKjFgPQNZeFVkJ/eLijGmOi3V5O1H9itGRgtoG1mjMPxGjBXcG+Nj:T14jFqQNZRl7FOiF5IHMGe+GgMGj5I
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-