cobaltstrike | 524ed4dfb049ce662401bc49edd640ef30a188f3d9cb4080387db282ffeb675c | Triage

Sharing

General

Target

524ed4dfb049ce662401bc49edd640ef30a188f3d9cb4080387db282ffeb675c
Size

153KB
Sample

221201-e5wh8ahe91
MD5

a1d613c1284b8184272f77f240750216
SHA1

17ba1f454ba64dba48236e5a653e36108576d416
SHA256

524ed4dfb049ce662401bc49edd640ef30a188f3d9cb4080387db282ffeb675c
SHA512

fb749c3d5b513758da840be0be1b5b184792c893a1eddaf2c8db5e880f8d9973299e9192126affdd6e14946ba27f27bc8ef652bf4b539cdd78899de978c17901
SSDEEP

3072:d2jpmyvLmkHxOOyado8X17dcMnAqEVFAOfxb15AKrUi/HErq9M5J:Y55Bbo8QqAqEVFxbLA8jnm

Score

10^/10

cobaltstrike pony backdoor rat spyware stealer trojan

Malware Config

Extracted

Family

pony

C2

http://66.55.89.148:8080/forum/viewtopic.php

http://66.55.89.149:8080/forum/viewtopic.php

Attributes

payload_url
http://www.komzedo.com.ba/oEj.exe
http://agradealuminium.com.au/JiKi.exe
http://elektrabukacek.cz/hs9HBpbT.exe

Targets

- Target
  
  524ed4dfb049ce662401bc49edd640ef30a188f3d9cb4080387db282ffeb675c
- Size
  
  153KB
- MD5
  
  a1d613c1284b8184272f77f240750216
- SHA1
  
  17ba1f454ba64dba48236e5a653e36108576d416
- SHA256
  
  524ed4dfb049ce662401bc49edd640ef30a188f3d9cb4080387db282ffeb675c
- SHA512
  
  fb749c3d5b513758da840be0be1b5b184792c893a1eddaf2c8db5e880f8d9973299e9192126affdd6e14946ba27f27bc8ef652bf4b539cdd78899de978c17901
- SSDEEP
  
  3072:d2jpmyvLmkHxOOyado8X17dcMnAqEVFAOfxb15AKrUi/HErq9M5J:Y55Bbo8QqAqEVFxbLA8jnm
Score

10^/10

cobaltstrike pony backdoor rat spyware stealer trojan
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cobaltstrikeponybackdoorratspywarestealertrojan

behavioral2

cobaltstrikeponybackdoorratspywarestealertrojan