Overview

overview

10

Static

static

10

161b2315de...eb.exe

windows7-x64

10

161b2315de...eb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    161b2315de45b24630acb1272fdca0f1d5e942cdca429b131a66ff40cd2283eb

  • Size

    89KB

  • Sample

    221002-2xlqdaecf9

  • MD5

    63368e65792b42060d5b9dffef5ae876

  • SHA1

    d5bb7c41038093994917ff11c8d0bccdb94a4aef

  • SHA256

    161b2315de45b24630acb1272fdca0f1d5e942cdca429b131a66ff40cd2283eb

  • SHA512

    1c50205aa1c17ce6bb9063a2d75d423e0d363711b5c2dafe384f6906ee0d009efd51fe14077150ea3e109c8b8c70ef3d762b0408a3063b53d5b4e83d81bd422f

  • SSDEEP

    1536:3F83OHuDbqTFvYw1ntYbhIsmmYmXSQfLZiFuLCTGUadwlHKZODwQdTv0EIOkzZfa:V8DmntYbhIsmmYmFfLZO6CTGUadfODsS

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://204.145.81.43/pony/gate.php

http://204.145.81.46/pony/gate.php
Attributes
  • payload_url

    http://dns42.bserv.com/uacU.exe

    http://siecboc.com.br/LqEc.exe

    http://nucleo.4waysistemas.com.br/YuWZ.exe

    http://ephemeranet.com/iMXzNkp.exe

    http://212.235.100.120/5H5yCyG.exe

    http://enagrup.ro/UMTuHzKx.exe

Targets

    • Target

      161b2315de45b24630acb1272fdca0f1d5e942cdca429b131a66ff40cd2283eb

    • Size

      89KB

    • MD5

      63368e65792b42060d5b9dffef5ae876

    • SHA1

      d5bb7c41038093994917ff11c8d0bccdb94a4aef

    • SHA256

      161b2315de45b24630acb1272fdca0f1d5e942cdca429b131a66ff40cd2283eb

    • SHA512

      1c50205aa1c17ce6bb9063a2d75d423e0d363711b5c2dafe384f6906ee0d009efd51fe14077150ea3e109c8b8c70ef3d762b0408a3063b53d5b4e83d81bd422f

    • SSDEEP

      1536:3F83OHuDbqTFvYw1ntYbhIsmmYmXSQfLZiFuLCTGUadwlHKZODwQdTv0EIOkzZfa:V8DmntYbhIsmmYmFfLZO6CTGUadfODsS

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks