General

  • Target

    19C12165C512D8BE136814349B0D0F86B9D3242D6EF5D.exe

  • Size

    141KB

  • Sample

    220926-v5dw6scfbr

  • MD5

    c9571839996d324f24d6f352b35b6102

  • SHA1

    0b6a37d7f70d6ab13e2af34eb75870abd14be65f

  • SHA256

    19c12165c512d8be136814349b0d0f86b9d3242d6ef5d282e89cf2f155c07586

  • SHA512

    eb622752931fa49576b9f303c429063a87631a4cec2870d96eb82d5b8e33136148849337fb0211864697ac015e1ce3d3afb2ca01ab6d8f3b67a6305a9977ecd3

  • SSDEEP

    3072:5PZdafpDAdAejCHggOaMISTYpAPppppZppppppppppQppppppppZpppppppppppo:eDAGe4ggBMVTYOPppppZppppppppppQQ

Malware Config

Extracted

Family

pony

C2

http://8.koguis.com/forum/viewtopic.php

http://8.axellelemaire.org/forum/viewtopic.php

Attributes
  • payload_url

    (list of payload download URLs omitted)

Targets

    • Target

      19C12165C512D8BE136814349B0D0F86B9D3242D6EF5D.exe

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
