Overview

overview

10

Static

static

1bf9f2ba60...72.exe

windows7-x64

10

1bf9f2ba60...72.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bf9f2ba608fddd01e07cbcd9dd9faeb51ba56acd6664932920f3e52231ce972

  • Size

    596KB

  • Sample

    221126-jkh5lsfg5s

  • MD5

    b09a08656becc46cf4f0547926f90cf8

  • SHA1

    0b6f000fad78f9d9082344c724c0a2637046080e

  • SHA256

    1bf9f2ba608fddd01e07cbcd9dd9faeb51ba56acd6664932920f3e52231ce972

  • SHA512

    cf77f7ee2720836db3f9480d244e5f3b9ed38e5ff981ae1b25c58e031571a6681886e5665c66b5303baf5880f9b75e3267e6a323c5cd18e0849bcb731bbf52de

  • SSDEEP

    12288:ko0ZjcnNr3Sh4Ybgob0vSZcVm/IMnfiNAKrq4HMklp8W6Q1F:kPZjcnxY4eIvFMIQ6Pr7n

Score
10/10
ponycollectiondiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://orangeisabitch.net16.net/gate.php

Targets

    • Target

      1bf9f2ba608fddd01e07cbcd9dd9faeb51ba56acd6664932920f3e52231ce972

    • Size

      596KB

    • MD5

      b09a08656becc46cf4f0547926f90cf8

    • SHA1

      0b6f000fad78f9d9082344c724c0a2637046080e

    • SHA256

      1bf9f2ba608fddd01e07cbcd9dd9faeb51ba56acd6664932920f3e52231ce972

    • SHA512

      cf77f7ee2720836db3f9480d244e5f3b9ed38e5ff981ae1b25c58e031571a6681886e5665c66b5303baf5880f9b75e3267e6a323c5cd18e0849bcb731bbf52de

    • SSDEEP

      12288:ko0ZjcnNr3Sh4Ybgob0vSZcVm/IMnfiNAKrq4HMklp8W6Q1F:kPZjcnxY4eIvFMIQ6Pr7n

    Score
    10/10
    ponycollectiondiscoveryratspywarestealerupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks