General
-
Target
028702e762252b4157158cf2a152e234131885b0d1085572f7f7124d4ebe05ad
-
Size
71KB
-
Sample
250105-xwgyksvqbq
-
MD5
6b015793895261ea9d98d048026de700
-
SHA1
a56b40a2c455925b6de636f74b091343b96f9090
-
SHA256
028702e762252b4157158cf2a152e234131885b0d1085572f7f7124d4ebe05ad
-
SHA512
5a72303aecd490a96f041d40fa46b71753244658f4fe202b7f53b85bf07633ef7cda3fc7790b7c41c4b2875f85af935c7e5c3f43cdd6555d47788ae7e92fdec3
-
SSDEEP
768:ZxfKtnRBeUrjJvShpbT/C7jf4vc0Y+jn4CZCqYZczMrv0OyDRWBZ7:HSnbG3oZ9qRC9b0C
Malware Config
Extracted
pony
http://kaplq.ru/
http://ecrj.ru/
-
payload_url
http://ecrj.ru/f/sc.exe
http://ecrj.ru/f/pkc.exe
http://ecrj.ru/f/skc.exe
Targets
-
-
Target
028702e762252b4157158cf2a152e234131885b0d1085572f7f7124d4ebe05ad
-
Size
71KB
-
MD5
6b015793895261ea9d98d048026de700
-
SHA1
a56b40a2c455925b6de636f74b091343b96f9090
-
SHA256
028702e762252b4157158cf2a152e234131885b0d1085572f7f7124d4ebe05ad
-
SHA512
5a72303aecd490a96f041d40fa46b71753244658f4fe202b7f53b85bf07633ef7cda3fc7790b7c41c4b2875f85af935c7e5c3f43cdd6555d47788ae7e92fdec3
-
SSDEEP
768:ZxfKtnRBeUrjJvShpbT/C7jf4vc0Y+jn4CZCqYZczMrv0OyDRWBZ7:HSnbG3oZ9qRC9b0C
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-