Overview

overview

10

Static

static

be347717ae...e3.exe

windows7-x64

10

be347717ae...e3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be347717ae013115cdc31c2418580a5c614e96ac490cd120e580f44daf1c00e3

  • Size

    113KB

  • Sample

    221203-gt1d5sba34

  • MD5

    2ac2446db59c30a05b32f0677e487ab0

  • SHA1

    5d34a14c6b72fa7c580311b13a9dc5f5f595ee47

  • SHA256

    be347717ae013115cdc31c2418580a5c614e96ac490cd120e580f44daf1c00e3

  • SHA512

    4f6e57e0f9a22362b965d9311bfb9cac89eade6cfb2ef02a5cced42c0edabcf69f4d8c541a63e305f1c96937991228f0fbe8f2d216910b2357ec2bf8acc34b49

  • SSDEEP

    3072:BbWxwy3FDk3F3g4MOaQFRVfx8p/TmeOjyL:y1Ig4MOR9S/DOjy

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://journeyacrossthesky.org/forum/viewtopic.php

http://luckyemily.com/forum/viewtopic.php

http://oshaughnessyfam.com/forum/viewtopic.php

http://actorbell.com/forum/viewtopic.php
Attributes
  • payload_url

    http://imagesuperspot.com/6ptP.exe

    http://1954f7e942e67bc1.lolipop.jp/d2z.exe

    http://ropapublicitaria.es/5VWumA1.exe

    http://colombiantravelservices.com/ucUMruv.exe

Targets

    • Target

      be347717ae013115cdc31c2418580a5c614e96ac490cd120e580f44daf1c00e3

    • Size

      113KB

    • MD5

      2ac2446db59c30a05b32f0677e487ab0

    • SHA1

      5d34a14c6b72fa7c580311b13a9dc5f5f595ee47

    • SHA256

      be347717ae013115cdc31c2418580a5c614e96ac490cd120e580f44daf1c00e3

    • SHA512

      4f6e57e0f9a22362b965d9311bfb9cac89eade6cfb2ef02a5cced42c0edabcf69f4d8c541a63e305f1c96937991228f0fbe8f2d216910b2357ec2bf8acc34b49

    • SSDEEP

      3072:BbWxwy3FDk3F3g4MOaQFRVfx8p/TmeOjyL:y1Ig4MOR9S/DOjy

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks