cobaltstrike | 80cf88e375fc64d9f7d3c50d7e3db16efc75ebb0f0cfd3cf53c6d23333babf3d | Triage

Sharing

General

Target

80cf88e375fc64d9f7d3c50d7e3db16efc75ebb0f0cfd3cf53c6d23333babf3d
Size

146KB
Sample

221201-c4pyyaga96
MD5

52c6c5fa4fd8c006998d1b8ec7cfc545
SHA1

bd5a51a5968b0c2c52caab1b85a3b1c8802f0931
SHA256

80cf88e375fc64d9f7d3c50d7e3db16efc75ebb0f0cfd3cf53c6d23333babf3d
SHA512

840342f8f06d0600943d91712c6f806b4ff30488da090134aac42a9a6276d779a54f1f29806c0f97df63ad77276aadf343a5be158572dca1b28597b8c1982954
SSDEEP

3072:xDDyMnV5ruggEdZW9rskJsajdbUB7IVvpaJQC1D964puu:ByWJgEDW9g8xbMyaeCJ7ou

Score

10^/10

cobaltstrike pony backdoor rat spyware stealer trojan

Malware Config

Extracted

Family

pony

C2

http://66.55.89.150:8080/forum/viewtopic.php

http://66.55.89.151:8080/forum/viewtopic.php

Attributes

payload_url
http://vs170173.vserver.de/YUu4aici/7C6a.exe

Targets

- Target
  
  80cf88e375fc64d9f7d3c50d7e3db16efc75ebb0f0cfd3cf53c6d23333babf3d
- Size
  
  146KB
- MD5
  
  52c6c5fa4fd8c006998d1b8ec7cfc545
- SHA1
  
  bd5a51a5968b0c2c52caab1b85a3b1c8802f0931
- SHA256
  
  80cf88e375fc64d9f7d3c50d7e3db16efc75ebb0f0cfd3cf53c6d23333babf3d
- SHA512
  
  840342f8f06d0600943d91712c6f806b4ff30488da090134aac42a9a6276d779a54f1f29806c0f97df63ad77276aadf343a5be158572dca1b28597b8c1982954
- SSDEEP
  
  3072:xDDyMnV5ruggEdZW9rskJsajdbUB7IVvpaJQC1D964puu:ByWJgEDW9g8xbMyaeCJ7ou
Score

10^/10

cobaltstrike pony backdoor rat spyware stealer trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikeponybackdoorratspywarestealertrojan

behavioral2

cobaltstrikeponybackdoorratspywarestealertrojan