Overview

overview

10

Static

static

b747320229...28.exe

windows7-x64

10

b747320229...28.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b7473202294efbf6090f8ea33a86a48b4b1f12c5b2cd8aa643856dd74587e128

  • Size

    66KB

  • Sample

    221201-lqreaafb94

  • MD5

    7f0887d4ac2039039921177e61b65328

  • SHA1

    9a1878664f08730d07b3a33f8b278b2d6e82da53

  • SHA256

    b7473202294efbf6090f8ea33a86a48b4b1f12c5b2cd8aa643856dd74587e128

  • SHA512

    131c358d1fe67b4ac0e2532464297c871a32dad7e0eea684c47e8dbac4f55e1a65c813f6cdf38a762064834a53c9509e93736f5274197882d9cce22c2ab6332e

  • SSDEEP

    1536:/Njzq+5hRpfvC7IcQe1VsGgtQth7FIslmFWosZt4+7jOl/Jg8afmZx:Fcb1ViQttFBJL/CydC

Score
10/10
ponycollectiondiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://labanquize.com/default.php?HQubbI5FH5E4JYuzm11vzfYxejr6Zo4Bu1wDC

http://topsquar.webd.pl/default.php?EbcpDUKiB4NrPln1OgLbULfuyKai1KIYBbh

http://theoutsourcing.pl/default.php?aJkMPH2JBEQQlYPbOFaZC9A4ZWHkzn3xVe

http://tanpalya.hu/default.php?uEXMlrnFJ5xEKZOe2YrUwyCp3mRnFCkQjbVlOUD4

http://dc-hairdesign.com/default.php?NZFbLneulNX7m71wu71oOH6mVfOKfdWlMm

Targets

    • Target

      b7473202294efbf6090f8ea33a86a48b4b1f12c5b2cd8aa643856dd74587e128

    • Size

      66KB

    • MD5

      7f0887d4ac2039039921177e61b65328

    • SHA1

      9a1878664f08730d07b3a33f8b278b2d6e82da53

    • SHA256

      b7473202294efbf6090f8ea33a86a48b4b1f12c5b2cd8aa643856dd74587e128

    • SHA512

      131c358d1fe67b4ac0e2532464297c871a32dad7e0eea684c47e8dbac4f55e1a65c813f6cdf38a762064834a53c9509e93736f5274197882d9cce22c2ab6332e

    • SSDEEP

      1536:/Njzq+5hRpfvC7IcQe1VsGgtQth7FIslmFWosZt4+7jOl/Jg8afmZx:Fcb1ViQttFBJL/CydC

    Score
    10/10
    ponycollectiondiscoveryratspywarestealerupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks