General
-
Target
c7e01f3c21747a8043ed371be933f75f565ab93835c46a53b8a3f99e141b2caf.exe
-
Size
148KB
-
Sample
241217-y15qwaxqcq
-
MD5
8feea3ff8cfb440eddbc58d1a1c63f3b
-
SHA1
82c952f21c34ea0fefb0b22d62e49272b92d2b23
-
SHA256
c7e01f3c21747a8043ed371be933f75f565ab93835c46a53b8a3f99e141b2caf
-
SHA512
0daad812527763d1e5e17cc450ddfad3a483942c90f24ddc2a234ef09a2e8b436b718d97f0076740a35cb0dcff6b95ff1576246ba72204047afcb325df5ce96a
-
SSDEEP
3072:315bYPobcmqRh6rM6W9CUC6g7q3t83rAPgoipL4ieWbj+w:3PbYPoA/H6rM6WLCMYrggoyL41yv
Malware Config
Extracted
pony
http://123.108.108.52/xSZ64Wiax/didzyo.php
Targets
-
-
Target
c7e01f3c21747a8043ed371be933f75f565ab93835c46a53b8a3f99e141b2caf.exe
-
Size
148KB
-
MD5
8feea3ff8cfb440eddbc58d1a1c63f3b
-
SHA1
82c952f21c34ea0fefb0b22d62e49272b92d2b23
-
SHA256
c7e01f3c21747a8043ed371be933f75f565ab93835c46a53b8a3f99e141b2caf
-
SHA512
0daad812527763d1e5e17cc450ddfad3a483942c90f24ddc2a234ef09a2e8b436b718d97f0076740a35cb0dcff6b95ff1576246ba72204047afcb325df5ce96a
-
SSDEEP
3072:315bYPobcmqRh6rM6W9CUC6g7q3t83rAPgoipL4ieWbj+w:3PbYPoA/H6rM6WLCMYrggoyL41yv
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-