General
-
Target
bcf94d95d8b116327c818ee00501670fe21f552da4a6ca4649bf164daad2ffe6.exe
-
Size
120KB
-
Sample
250107-tvvlhaymd1
-
MD5
0ded0e035d042371da764757ba9699d5
-
SHA1
4cf6e6dad15b8852081818033df4175b9efb94e6
-
SHA256
bcf94d95d8b116327c818ee00501670fe21f552da4a6ca4649bf164daad2ffe6
-
SHA512
01ff2c9fb907bef762891e953768a67a6e48b45580deb4a52fa0eed98d070cc5fd1cd7bf1c61e8ceb3dd1193628c9a1184fab5ccab0a5dd57a49bc8c92713b97
-
SSDEEP
1536:zKhft65BoLc7R5CYPZzXu7iDAzdOyDQJML7/9Ad+ekRwVqwQwbtTW9vKjr6KYR2+:EOW4VDs/DQ8AvVmw936Ka2KmrS65COEn
Malware Config
Extracted
pony
http://forum.xcpus.com:8080/forum/viewtopic.php
http://homelandfuel.com/forum/viewtopic.php
http://patrioticenergy.com/forum/viewtopic.php
http://rowenaelick.com/forum/viewtopic.php
-
payload_url
http://onlinemoneyadvantage.com/560Vv1.exe
http://bonacasa.it/yfsNG.exe
http://cenerini.zuffellato.com/Ysmehm.exe
Targets
-
-
Target
bcf94d95d8b116327c818ee00501670fe21f552da4a6ca4649bf164daad2ffe6.exe
-
Size
120KB
-
MD5
0ded0e035d042371da764757ba9699d5
-
SHA1
4cf6e6dad15b8852081818033df4175b9efb94e6
-
SHA256
bcf94d95d8b116327c818ee00501670fe21f552da4a6ca4649bf164daad2ffe6
-
SHA512
01ff2c9fb907bef762891e953768a67a6e48b45580deb4a52fa0eed98d070cc5fd1cd7bf1c61e8ceb3dd1193628c9a1184fab5ccab0a5dd57a49bc8c92713b97
-
SSDEEP
1536:zKhft65BoLc7R5CYPZzXu7iDAzdOyDQJML7/9Ad+ekRwVqwQwbtTW9vKjr6KYR2+:EOW4VDs/DQ8AvVmw936Ka2KmrS65COEn
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-