Overview

overview

10

Static

static

dbcca5e8f6...3c.exe

windows7-x64

10

dbcca5e8f6...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c

  • Size

    197KB

  • Sample

    221126-b8tbgsgb6x

  • MD5

    c8afc8295cfab3553144dd0dcb5462bb

  • SHA1

    225d61a6625799335bea0af867a2917df9ed5f87

  • SHA256

    dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c

  • SHA512

    a7682feecce04f2589502daec3b97cd6d67a513a0afadc52521b3e5cf21d0f8f47a286f8e7556599b19997a5281d78827b6230ecc67ee6e686c8b5c777731e82

  • SSDEEP

    6144:3xcVLIizxjE5rQs1w2hTY5BYsfx43dT2zGO:CIijEu0jhYospYdT2z

Score
10/10
ponycollectionpersistenceratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://swankafan.com/smile/smile/Panel/gate.php

Attributes
  • payload_url

    http://www.celitel-rf.ru/server.exe

    http://www.celitel-rf.ru/server2.exe

Targets

    • Target

      dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c

    • Size

      197KB

    • MD5

      c8afc8295cfab3553144dd0dcb5462bb

    • SHA1

      225d61a6625799335bea0af867a2917df9ed5f87

    • SHA256

      dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c

    • SHA512

      a7682feecce04f2589502daec3b97cd6d67a513a0afadc52521b3e5cf21d0f8f47a286f8e7556599b19997a5281d78827b6230ecc67ee6e686c8b5c777731e82

    • SSDEEP

      6144:3xcVLIizxjE5rQs1w2hTY5BYsfx43dT2zGO:CIijEu0jhYospYdT2z

    Score
    10/10
    ponycollectionpersistenceratspywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks