Overview

overview

10

Static

static

6bd85b343b...1f.exe

windows7-x64

10

6bd85b343b...1f.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6bd85b343bc2343ff626f234b3fd067bb6807503856c90fea0f2916fc5b1ae1f

  • Size

    595KB

  • Sample

    221126-jkhh3scg58

  • MD5

    187e823d21f4f97771aaba5317d47470

  • SHA1

    df211400139ee9229a364dd78560bcf119057a8f

  • SHA256

    6bd85b343bc2343ff626f234b3fd067bb6807503856c90fea0f2916fc5b1ae1f

  • SHA512

    4d86ba93b158d5e6864485a420e636131a5036b9e06ec376a356b75434303397318749241f80591c6d0c0f502f973908c38d324cf910a87364e70a9409d33f00

  • SSDEEP

    12288:ko0ZjcnNr3So4Ybgob0vSZcVm/IMnfiNAKrCVFcHaaq3J:kPZjcnxh4eIvFMIQ6PrCVkaaq5

Score
10/10
ponycollectiondiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://orangeisabitch.net16.net/gate.php

Targets

    • Target

      6bd85b343bc2343ff626f234b3fd067bb6807503856c90fea0f2916fc5b1ae1f

    • Size

      595KB

    • MD5

      187e823d21f4f97771aaba5317d47470

    • SHA1

      df211400139ee9229a364dd78560bcf119057a8f

    • SHA256

      6bd85b343bc2343ff626f234b3fd067bb6807503856c90fea0f2916fc5b1ae1f

    • SHA512

      4d86ba93b158d5e6864485a420e636131a5036b9e06ec376a356b75434303397318749241f80591c6d0c0f502f973908c38d324cf910a87364e70a9409d33f00

    • SSDEEP

      12288:ko0ZjcnNr3So4Ybgob0vSZcVm/IMnfiNAKrCVFcHaaq3J:kPZjcnxh4eIvFMIQ6PrCVkaaq5

    Score
    10/10
    ponycollectiondiscoveryratspywarestealerupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks