General
-
Target
7b2a3a2bf10926418447cf0e3e75814a429523de1abc4121ee67afec56e97787N
-
Size
101KB
-
Sample
241104-2wv8es1qeq
-
MD5
7eca92369048580be425b093a4992b00
-
SHA1
9d5f190132dd51a1cfdf7dfeeea7ec730e13dec2
-
SHA256
7b2a3a2bf10926418447cf0e3e75814a429523de1abc4121ee67afec56e97787
-
SHA512
9de73e49926a3c907e23c32cd3ae5ae2d7289faf7325c1725f29b14791766d3342afc4743b1f7aa1da9fb6743170a20b7c29d580ea3859b173fcd567fd4dd2bd
-
SSDEEP
1536:KoDCqQ72susTZUM8Zx1eBumQkAJSo/4X+dMSWG+MaC0GsHmH3unn:KoNS3UMyQA4o/w+qiaCFsHmXunn
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
7b2a3a2bf10926418447cf0e3e75814a429523de1abc4121ee67afec56e97787N
-
Size
101KB
-
MD5
7eca92369048580be425b093a4992b00
-
SHA1
9d5f190132dd51a1cfdf7dfeeea7ec730e13dec2
-
SHA256
7b2a3a2bf10926418447cf0e3e75814a429523de1abc4121ee67afec56e97787
-
SHA512
9de73e49926a3c907e23c32cd3ae5ae2d7289faf7325c1725f29b14791766d3342afc4743b1f7aa1da9fb6743170a20b7c29d580ea3859b173fcd567fd4dd2bd
-
SSDEEP
1536:KoDCqQ72susTZUM8Zx1eBumQkAJSo/4X+dMSWG+MaC0GsHmH3unn:KoNS3UMyQA4o/w+qiaCFsHmXunn
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-