Overview

overview

10

Static

static

29f94febba...9e.exe

windows7-x64

10

29f94febba...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e

  • Size

    109KB

  • Sample

    221123-lvwvkafg5x

  • MD5

    171964df131f80b9539ae742fdd0e734

  • SHA1

    ec30df099d9f7157a3c210657c0ee81805946465

  • SHA256

    29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e

  • SHA512

    bcd0087dd9843f4612d7a488575a5c7640bf8cba602f5421db724ab79c966b6b8acec409509474971dd9a130f539a9ed52f1d388be3af04cff45726382411cf3

  • SSDEEP

    3072:rJZIqCxrmFlBIoCTLBYJZa4MOamUKx3zrnpoIZ2ayBusODV:9ZIbxrmFllouva4MOp99oe2RODV

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://golklopro.com/bitrix/modules.php

http://cosjesgame.su/bitrix/modules.php
Attributes
  • payload_url

    http://teles4.com/333.exe

    http://gavilan.cl/333.exe

    http://emstudio.fr/333.exe

    http://calduler.com/333.exe

    http://iamsaved.org/333.exe

Targets

    • Target

      29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e

    • Size

      109KB

    • MD5

      171964df131f80b9539ae742fdd0e734

    • SHA1

      ec30df099d9f7157a3c210657c0ee81805946465

    • SHA256

      29f94febbac1b9a2ccd4d94e3d39cfb1d58519d2fa64bffaaa4e7b77dc46779e

    • SHA512

      bcd0087dd9843f4612d7a488575a5c7640bf8cba602f5421db724ab79c966b6b8acec409509474971dd9a130f539a9ed52f1d388be3af04cff45726382411cf3

    • SSDEEP

      3072:rJZIqCxrmFlBIoCTLBYJZa4MOamUKx3zrnpoIZ2ayBusODV:9ZIbxrmFllouva4MOp99oe2RODV

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks