pony | bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb | Triage

Submit
Reports

Overview

overview

Static

static

bc2f593e82...bb.exe

windows7_x64

bc2f593e82...bb.exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb.exe

Resource

win7-20220414-en

neshta pony persistence rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb.exe

Resource

win10v2004-20220414-en

neshta pony persistence rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

General

Target

bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb
Size

744KB
MD5

a3fc29c6698ca5989e265daec8747bcb
SHA1

dfa0fa264b796d564406f21af73cb77e2f5fe22d
SHA256

bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb
SHA512

3e0e79fa91b7a3b8fffd59763ce39203c8e88bceed64cb4964592738546fc2050210cf76df591cfe4badbf76bba9c781518102cc53836e6df09a77497d7e246e
SSDEEP

12288:rzN5k2PUlwKZRboU5JjqvU9XcK7oJt34DO9Gc2ywwf:f3khlZJ5JjWafkJtHzw

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://kahramanlarotolastik.com/w/terry/panel/gate.php

Attributes

payload_url
http://myp0nysite.ru/shit.exe

Signatures

Pony family
pony

Files

bc2f593e8245d9295aa8fc8329e2e740709f517ecce2647869b110f272de28bb
.exe windows x86

b588ef19887a4be6103bc416a58eac83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord583
ord692
ord693
ord696
MethCallEngine
ord517
ord669
ord595
ord707
ord632
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord671
ord675
ord678
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
ord606
ord714
ord608
ord531
ord717
ord647
ord575
ord685
ord100
ord689
ord611
ord614
ord617
ord541
ord651

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy