Overview

overview

10

Static

static

875aab4628...92.exe

windows7-x64

10

875aab4628...92.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092

  • Size

    114KB

  • Sample

    221201-chal5aec25

  • MD5

    0d720f6a20a9209f9c80abca68b26c20

  • SHA1

    7ef0a23923778b0b4e68d5335e4a02e518d3c168

  • SHA256

    875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092

  • SHA512

    ada7fe55d4292f8ea07ba7cd17be7cbba2069c9c3f69e4f936a0f606de9aa9ea190025898b9c3059f0192633a8bbed8a9b7c8d85eaf71f3932b08a7478081793

  • SSDEEP

    3072:ex519Fns1z/tSqscMzbR5ioZBLX7NT0lkBc7:m5Nsd/tSqpYPpZN0lV

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://abescasualgrill.net/forum/viewtopic.php

http://abescasualgrill.org/forum/viewtopic.php

http://abesexpress.com/forum/viewtopic.php

http://abesgastropub.co/forum/viewtopic.php
Attributes
  • payload_url

    http://kryokontur.fr/EHZhPV.exe

    http://myshoppingbusiness.com/ngyLs.exe

    http://foromaquinas.net/JHdczhdQ.exe

    http://megajet.fr/jnq14U7.exe

Targets

    • Target

      875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092

    • Size

      114KB

    • MD5

      0d720f6a20a9209f9c80abca68b26c20

    • SHA1

      7ef0a23923778b0b4e68d5335e4a02e518d3c168

    • SHA256

      875aab4628036ffd9615f716a9b37a6e279749e9e8dc9ded7f4261dc4b4ab092

    • SHA512

      ada7fe55d4292f8ea07ba7cd17be7cbba2069c9c3f69e4f936a0f606de9aa9ea190025898b9c3059f0192633a8bbed8a9b7c8d85eaf71f3932b08a7478081793

    • SSDEEP

      3072:ex519Fns1z/tSqscMzbR5ioZBLX7NT0lkBc7:m5Nsd/tSqpYPpZN0lV

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks