Overview

overview

10

Static

static

017a10811f...6f.exe

windows7_x64

10

017a10811f...6f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    017a10811f78555e8b87cd47c18c247860f5ee04e8e1971b895ed5f51cd17a6f.exe

  • Size

    118KB

  • Sample

    220521-yhzf5sgcbq

  • MD5

    590c694be1fe24073115a84a242b0eba

  • SHA1

    d643630621ad74289943a9592416bccb59220b6a

  • SHA256

    017a10811f78555e8b87cd47c18c247860f5ee04e8e1971b895ed5f51cd17a6f

  • SHA512

    e96031ad68cac74a63a95d1a49e11b66a87c29e4084ea84cae83e9397243def4f494e60545b9b7f495d915bcee497a68b50b16732912647b9cfe77f33761ddad

Score
10/10
ponycollectiondiscoveryratspywarestealersuricata

Malware Config

Extracted

Family

pony

C2

http://frankcremascocabinets.com/forum/viewtopic.php

http://giuseppepiruzza.com/forum/viewtopic.php

http://gordonpoint.biz/forum/viewtopic.php

http://gordonpoint.info/forum/viewtopic.php
Attributes
  • payload_url

    http://kryokontur.fr/EHZhPV.exe

    http://myshoppingbusiness.com/ngyLs.exe

    http://thoroughbredbuilder.com/dgJpw.exe

    http://megajet.fr/jnq14U7.exe

Targets

    • Target

      017a10811f78555e8b87cd47c18c247860f5ee04e8e1971b895ed5f51cd17a6f.exe

    • Size

      118KB

    • MD5

      590c694be1fe24073115a84a242b0eba

    • SHA1

      d643630621ad74289943a9592416bccb59220b6a

    • SHA256

      017a10811f78555e8b87cd47c18c247860f5ee04e8e1971b895ed5f51cd17a6f

    • SHA512

      e96031ad68cac74a63a95d1a49e11b66a87c29e4084ea84cae83e9397243def4f494e60545b9b7f495d915bcee497a68b50b16732912647b9cfe77f33761ddad

    Score
    10/10
    ponycollectiondiscoveryratspywarestealersuricata

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

      suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

      suricata

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks