Overview

overview

10

Static

static

a3a792a942...ae.exe

windows7-x64

10

a3a792a942...ae.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae

  • Size

    114KB

  • Sample

    221002-pwlyjafcf7

  • MD5

    71941755e050320bab739e14dcbb45a0

  • SHA1

    4b4aac83ad035a93d00bcabc2b3cb4c5eb204d55

  • SHA256

    a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae

  • SHA512

    a1fb60b1fbd2968416e2a0af714ed83442a36620d97f3e7cb6eab3614942ad840ea1458d6a17b5abf09d5b06b1f75ed9aaa5e487c85f00b197888b9c026ed35d

  • SSDEEP

    1536:W8y9sJEDdD+Xfy9Wyi8W9m1KiydIL/S0+ogH8YRPlaTTesOBmmTu6C:W8yzt+aMcW9m4ITeR8YRP6TrWg

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://aandimedsolutions.info/ponyb/gate.php

http://aandimedsolutions.net/ponyb/gate.php

http://antarcticland-union.it/ponyb/gate.php

http://antarcticland-union.org/ponyb/gate.php
Attributes
  • payload_url

    http://aprilaire700.com/JAGsLTE.exe

    http://ftp.ppp.at/MhCSKv.exe

    http://bremer-haus.de/xPNtQ.exe

    http://salsaconfuego.com/RCY.exe

Targets

    • Target

      a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae

    • Size

      114KB

    • MD5

      71941755e050320bab739e14dcbb45a0

    • SHA1

      4b4aac83ad035a93d00bcabc2b3cb4c5eb204d55

    • SHA256

      a3a792a942844a4b21fde8bc3e19b74457c3bb63f88b111604ffd8852ab464ae

    • SHA512

      a1fb60b1fbd2968416e2a0af714ed83442a36620d97f3e7cb6eab3614942ad840ea1458d6a17b5abf09d5b06b1f75ed9aaa5e487c85f00b197888b9c026ed35d

    • SSDEEP

      1536:W8y9sJEDdD+Xfy9Wyi8W9m1KiydIL/S0+ogH8YRPlaTTesOBmmTu6C:W8yzt+aMcW9m4ITeR8YRP6TrWg

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks