Overview

overview

10

Static

static

77448484848.scr

windows7_x64

10

77448484848.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77448484848.scr

  • Size

    892KB

  • Sample

    200709-mx37x9vqax

  • MD5

    70dba93e5db5b7b8fd48add53d608b3f

  • SHA1

    e23615d9f5cae44259f4ab24b5c32a629a85f1e3

  • SHA256

    d31c1aa598252bced9b3fef25a20045d48b91e929e8d7353ffd30bdb3a1a3cf4

  • SHA512

    415d08b466f6064bbadcb840ac11809fa360b0218c69d7a4c95f98caae96deefe8cf8519ad41b93a994bd268772f91d5a8acb663c7b8e3469074c303f3f52ec0

Score
10/10
ponydiscoveryevasionpersistenceratspywarestealertrojan

Malware Config

Targets

    • Target

      77448484848.scr

    • Size

      892KB

    • MD5

      70dba93e5db5b7b8fd48add53d608b3f

    • SHA1

      e23615d9f5cae44259f4ab24b5c32a629a85f1e3

    • SHA256

      d31c1aa598252bced9b3fef25a20045d48b91e929e8d7353ffd30bdb3a1a3cf4

    • SHA512

      415d08b466f6064bbadcb840ac11809fa360b0218c69d7a4c95f98caae96deefe8cf8519ad41b93a994bd268772f91d5a8acb663c7b8e3469074c303f3f52ec0

    Score
    10/10
    spywareevasiontrojanpersistencediscoveryratstealerpony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks for installed software on the system

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops Chrome extension

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks