Overview

overview

10

Static

static

1

vwr 30.04....df.exe

windows7_x64

10

vwr 30.04....df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vwr 30.04.2021.pdf.exe

  • Size

    345KB

  • Sample

    210503-37j1w6826s

  • MD5

    44494bc59e013ee4dbd957ccd3a6b9da

  • SHA1

    64d69d179d20bab2cc7477888501d9fb461acad9

  • SHA256

    996059b3ab129e61f18969def21575cfefe1c32eb496720694f4adc342882b33

  • SHA512

    a8329dc3c0be24c9f0a37049b18684e3a791f71047485b561da4be3b3d656b1364d37db81f5d453a5a4198c0aa8f4626ba50fa7cccef365cf5d822c9191e1496

Score
10/10
ponyratspywarestealer

Malware Config

Targets

    • Target

      vwr 30.04.2021.pdf.exe

    • Size

      345KB

    • MD5

      44494bc59e013ee4dbd957ccd3a6b9da

    • SHA1

      64d69d179d20bab2cc7477888501d9fb461acad9

    • SHA256

      996059b3ab129e61f18969def21575cfefe1c32eb496720694f4adc342882b33

    • SHA512

      a8329dc3c0be24c9f0a37049b18684e3a791f71047485b561da4be3b3d656b1364d37db81f5d453a5a4198c0aa8f4626ba50fa7cccef365cf5d822c9191e1496

    Score
    10/10
    ponyratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks