Overview

overview

10

Static

static

8

4ab4e1998e...61.exe

windows7_x64

10

4ab4e1998e...61.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ab4e1998e42ef5cc96cf53aed6743f96607af23841a36f255ed1be6c8b31461.exe

  • Size

    74KB

  • Sample

    220521-yhyvlsdac9

  • MD5

    0829a42258ef1ec6d9abb92d53aa230f

  • SHA1

    2f285a08daeb710f383e6f8883946c2daac930f4

  • SHA256

    4ab4e1998e42ef5cc96cf53aed6743f96607af23841a36f255ed1be6c8b31461

  • SHA512

    087227a3ec44ad50ff428f2b4037b746d199c0b250a2d6ddcf9027cd27a03bf6f3f00add11c59b681f62096b5555ac2e47aa41459b23a3ad89acc00bb22774b6

Score
10/10
ponydiscoveryratspywarestealersuricataupx

Malware Config

Extracted

Family

pony

C2

http://www.abogadosiriarte.com/resp.php

http://www.azucarnatural.com/resp.php

Targets

    • Target

      4ab4e1998e42ef5cc96cf53aed6743f96607af23841a36f255ed1be6c8b31461.exe

    • Size

      74KB

    • MD5

      0829a42258ef1ec6d9abb92d53aa230f

    • SHA1

      2f285a08daeb710f383e6f8883946c2daac930f4

    • SHA256

      4ab4e1998e42ef5cc96cf53aed6743f96607af23841a36f255ed1be6c8b31461

    • SHA512

      087227a3ec44ad50ff428f2b4037b746d199c0b250a2d6ddcf9027cd27a03bf6f3f00add11c59b681f62096b5555ac2e47aa41459b23a3ad89acc00bb22774b6

    Score
    10/10
    ponydiscoveryratspywarestealersuricataupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

      suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

      suricata

    • suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98

      suricata: ET MALWARE Pony Downloader HTTP Library MSIE 5 Win98

      suricata

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks