Overview

overview

10

Static

static

d5ebc1dfd2...21.exe

windows7-x64

10

d5ebc1dfd2...21.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5ebc1dfd2b9f7e322dc802f390a8be0ecb17c667c90e68c75255ffef73d0721

  • Size

    114KB

  • Sample

    221002-pbn76afgfp

  • MD5

    679ccf0d1d1f9d0a9cbc08edbdc6fd60

  • SHA1

    adb96b5c3114628e6e3ff078da8f582159f1c9e2

  • SHA256

    d5ebc1dfd2b9f7e322dc802f390a8be0ecb17c667c90e68c75255ffef73d0721

  • SHA512

    cda37a5a1e2892343735b8c2ef2d15270633e600738da6d339ec3be8a57ad00f38e9180312408692dbfcd80120c6e0a6951734f9dede7640972a21fdbae62f3f

  • SSDEEP

    3072:gLXV2sVB3kKs10c6h7xQGKq0BD6MURkZ5MX:5s5seph7xQG26MZ+

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://beachfrontconcierge.com/ponyb/gate.php

http://dinneraffairs.com/ponyb/gate.php

http://douglasvillestorage.com/ponyb/gate.php

http://herblade.com/ponyb/gate.php
Attributes
  • payload_url

    http://gaiahpl.com/QQuAzs.exe

    http://kandu.de/7qW5tXSm.exe

    http://s252653471.onlinehome.us/SPJYZe.exe

Targets

    • Target

      d5ebc1dfd2b9f7e322dc802f390a8be0ecb17c667c90e68c75255ffef73d0721

    • Size

      114KB

    • MD5

      679ccf0d1d1f9d0a9cbc08edbdc6fd60

    • SHA1

      adb96b5c3114628e6e3ff078da8f582159f1c9e2

    • SHA256

      d5ebc1dfd2b9f7e322dc802f390a8be0ecb17c667c90e68c75255ffef73d0721

    • SHA512

      cda37a5a1e2892343735b8c2ef2d15270633e600738da6d339ec3be8a57ad00f38e9180312408692dbfcd80120c6e0a6951734f9dede7640972a21fdbae62f3f

    • SSDEEP

      3072:gLXV2sVB3kKs10c6h7xQGKq0BD6MURkZ5MX:5s5seph7xQG26MZ+

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks