Overview

overview

10

Static

static

971cddc72c...c8.exe

windows7-x64

10

971cddc72c...c8.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8

  • Size

    121KB

  • Sample

    221003-baxk9ahgd6

  • MD5

    6d275279e9f31d9873f71773e23bf4d0

  • SHA1

    7c9ae708b7cb1063b2b5ff13db98dc29a6da4c25

  • SHA256

    971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8

  • SHA512

    b1532386ba4f4fea25c4565f9663ae5e7bf3256d4ee7c74f8b799c9f294a167f3bce26024a24bc3c1354bc3d8725be167030499e8629d7ef91dcf378f5097682

  • SSDEEP

    1536:1IAgBUh/dC62HicSj6RQuAt2KVgKTrcv2DDDz2Hik//tS55S3Zo6enfQdtTm:1qClC62CczEgacvCDz2Hf9STSpot2g

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://aapros.org/forum/viewtopic.php

http://automaintenancegreeley.com/forum/viewtopic.php

http://autorepairevans.com/forum/viewtopic.php
Attributes
  • payload_url

    http://ftp.bluemoon.eu/byuk.exe

    http://EZGOLFLESSONS.COM/Z50uke.exe

    http://198.170.76.118/nMzEc0.exe

Targets

    • Target

      971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8

    • Size

      121KB

    • MD5

      6d275279e9f31d9873f71773e23bf4d0

    • SHA1

      7c9ae708b7cb1063b2b5ff13db98dc29a6da4c25

    • SHA256

      971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8

    • SHA512

      b1532386ba4f4fea25c4565f9663ae5e7bf3256d4ee7c74f8b799c9f294a167f3bce26024a24bc3c1354bc3d8725be167030499e8629d7ef91dcf378f5097682

    • SSDEEP

      1536:1IAgBUh/dC62HicSj6RQuAt2KVgKTrcv2DDDz2Hik//tS55S3Zo6enfQdtTm:1qClC62CczEgacvCDz2Hf9STSpot2g

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks