Overview

overview

10

Static

static

9101909e17...7a.exe

windows7-x64

10

9101909e17...7a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a

  • Size

    266KB

  • Sample

    221128-pp388sch99

  • MD5

    c00ecccc3b1f56d4b832228780fbb6e6

  • SHA1

    0819ddaa519b8765dec247cc5c0a927917862e4a

  • SHA256

    9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a

  • SHA512

    f12d18775048d0bacf066c22c9ae7dc1a6af273a9bbf0c67f7edff10e7eb3b26ac27f7a8f76561a578c400e3726d5dd4c011b91f776259bd590ff7c0ae714a28

  • SSDEEP

    3072:22edmL7QpK1KxIYxNxMuM8JpSeT9v9syY0aqNFIk7bTLZLMIV1zHP+NcYUCj4ra:LeMLWAK/RMurplVnUqNuA26b8eCjZ

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://faststornet.com/gate.php

http://nestorganje.com/gate.php

http://ferginestor.com/gate.php
Attributes
  • payload_url

    http://valerunners.com/wp-content/m1g.exe

    http://cbearmusic.com/wp-content/plugins/cached_data/m1g.exe

    http://cedecat.com/wp-content/plugins/cached_data/m1g.exe

    http://centraljerseyjointandspine.com/wp-content/plugins/cached_data/m1g.exe

Targets

    • Target

      9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a

    • Size

      266KB

    • MD5

      c00ecccc3b1f56d4b832228780fbb6e6

    • SHA1

      0819ddaa519b8765dec247cc5c0a927917862e4a

    • SHA256

      9101909e17fc34c22f250b024c5b3dad738ff3c25d165c56b722b5bccf86087a

    • SHA512

      f12d18775048d0bacf066c22c9ae7dc1a6af273a9bbf0c67f7edff10e7eb3b26ac27f7a8f76561a578c400e3726d5dd4c011b91f776259bd590ff7c0ae714a28

    • SSDEEP

      3072:22edmL7QpK1KxIYxNxMuM8JpSeT9v9syY0aqNFIk7bTLZLMIV1zHP+NcYUCj4ra:LeMLWAK/RMurplVnUqNuA26b8eCjZ

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks