Overview

overview

10

Static

static

b152f74631...39.exe

windows7-x64

10

b152f74631...39.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639

  • Size

    146KB

  • Sample

    221126-be8t3sec2x

  • MD5

    0596c354d3bc4a70f76e86ac44e5179e

  • SHA1

    de5db12f41c299116aeaf27d1d6b66c1649d3890

  • SHA256

    b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639

  • SHA512

    424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d

  • SSDEEP

    3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW

Score
10/10
ponycollectionratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://185.7.35.9/~peakedca/home/gate.php

Targets

    • Target

      b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639

    • Size

      146KB

    • MD5

      0596c354d3bc4a70f76e86ac44e5179e

    • SHA1

      de5db12f41c299116aeaf27d1d6b66c1649d3890

    • SHA256

      b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639

    • SHA512

      424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d

    • SSDEEP

      3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW

    Score
    10/10
    ponycollectionratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks