Overview

overview

10

Static

static

55461786c4...eb.exe

windows7-x64

10

55461786c4...eb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb

  • Size

    121KB

  • Sample

    221203-a684gsag78

  • MD5

    6788d034fd5f9df6222b72e1d5d2178f

  • SHA1

    43233a57dc7aa9f16fb645b38572ec30f3390294

  • SHA256

    55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb

  • SHA512

    6cffe7a36c91e8f318aa25bc2bc720fec3efbe0c0053e424b6f5a43bfd44f27217be4d803ad2d286cbbf783795922544e7d89885bf6518961cc219d1494224e8

  • SSDEEP

    1536:yYX6DpIoXq0ca2r7MclGV9ExclPQ70w7f8L/SczQFyA0MR2pvsmezu9Nis/7Ru6C:yI6qoq0cawU96clNMc+F8KVzu1FNw

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://nursenextdoor.com:443/forum/viewtopic.php

http://dreamonseniorswish.org:443/forum/viewtopic.php

http://prospexleads.com:8080/forum/viewtopic.php

http://phonebillssuck.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://www.mshc.in/hKW.exe

    http://pcorbits.com/5edh9Au.exe

    http://95.110.228.229/Y0tmeeSZ.exe

    http://church.main.jp/Yr3P4h0P.exe

Targets

    • Target

      55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb

    • Size

      121KB

    • MD5

      6788d034fd5f9df6222b72e1d5d2178f

    • SHA1

      43233a57dc7aa9f16fb645b38572ec30f3390294

    • SHA256

      55461786c498d3aa1f164cb56198625994daea5c97b2c5b77fcbaf132e4a55eb

    • SHA512

      6cffe7a36c91e8f318aa25bc2bc720fec3efbe0c0053e424b6f5a43bfd44f27217be4d803ad2d286cbbf783795922544e7d89885bf6518961cc219d1494224e8

    • SSDEEP

      1536:yYX6DpIoXq0ca2r7MclGV9ExclPQ70w7f8L/SczQFyA0MR2pvsmezu9Nis/7Ru6C:yI6qoq0cawU96clNMc+F8KVzu1FNw

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks