Overview

overview

10

Static

static

1

c4c21a36bd...b3.exe

windows7_x64

1

c4c21a36bd...b3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4c21a36bd1f32a71dd00f0bd2fa78c9ab6cc9df30de77f4f99cb5d0da080cb3.exe

  • Size

    331KB

  • Sample

    210503-rk85nbde6e

  • MD5

    94c33eb1b3a778c5b38d55c5fd40f2ab

  • SHA1

    10e1a14fc45346a5d4bccfff8d46bf90929fc66c

  • SHA256

    c4c21a36bd1f32a71dd00f0bd2fa78c9ab6cc9df30de77f4f99cb5d0da080cb3

  • SHA512

    92b5cbde3ed79d4b1a2fccf8fc29f8d2b5a18ed158bccdda2350b6802d774bd4e2c083b31a9fdb81b67b1712fa9fce175d2e28fded75e0ba0a3918d52c00ffb9

Score
10/10
ponyratspywarestealer

Malware Config

Targets

    • Target

      c4c21a36bd1f32a71dd00f0bd2fa78c9ab6cc9df30de77f4f99cb5d0da080cb3.exe

    • Size

      331KB

    • MD5

      94c33eb1b3a778c5b38d55c5fd40f2ab

    • SHA1

      10e1a14fc45346a5d4bccfff8d46bf90929fc66c

    • SHA256

      c4c21a36bd1f32a71dd00f0bd2fa78c9ab6cc9df30de77f4f99cb5d0da080cb3

    • SHA512

      92b5cbde3ed79d4b1a2fccf8fc29f8d2b5a18ed158bccdda2350b6802d774bd4e2c083b31a9fdb81b67b1712fa9fce175d2e28fded75e0ba0a3918d52c00ffb9

    Score
    10/10
    ponyratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks