Overview

overview

10

Static

static

10

bee90d63e6...76.exe

windows7-x64

10

bee90d63e6...76.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bee90d63e627321efbc4377a80332c9a3c1d2d9bbbbafc35b458193571da4376

  • Size

    83KB

  • Sample

    221127-m4q64sfe9x

  • MD5

    a20bec86ff753b514f2699b1b5a232f0

  • SHA1

    d03c3577a20af62e3720c6f7fca9779ff41604d4

  • SHA256

    bee90d63e627321efbc4377a80332c9a3c1d2d9bbbbafc35b458193571da4376

  • SHA512

    9a2823e604d3e4fc36b4910036e169438dc99f43bdfe4b1ac6f502d68a1cf590b897a1b3bb8e742a4fe643786ab4e2360b6d060f22f066c16bbf1f0a243c2ffd

  • SSDEEP

    1536:WcCb0ztqThqtUpbJPfT8Mca/xYaX875eOF85jEEOKMukzmbS:y66pbtwMcJyOShEPObS

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://beanlovessheikh.com/php2/gate.php

Attributes
  • payload_url

    http://beanlovessheikh.com/php2/cc.exe

Targets

    • Target

      bee90d63e627321efbc4377a80332c9a3c1d2d9bbbbafc35b458193571da4376

    • Size

      83KB

    • MD5

      a20bec86ff753b514f2699b1b5a232f0

    • SHA1

      d03c3577a20af62e3720c6f7fca9779ff41604d4

    • SHA256

      bee90d63e627321efbc4377a80332c9a3c1d2d9bbbbafc35b458193571da4376

    • SHA512

      9a2823e604d3e4fc36b4910036e169438dc99f43bdfe4b1ac6f502d68a1cf590b897a1b3bb8e742a4fe643786ab4e2360b6d060f22f066c16bbf1f0a243c2ffd

    • SSDEEP

      1536:WcCb0ztqThqtUpbJPfT8Mca/xYaX875eOF85jEEOKMukzmbS:y66pbtwMcJyOShEPObS

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks