Overview

overview

10

Static

static

ec3898ab6b...cf.exe

windows7-x64

10

ec3898ab6b...cf.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ec3898ab6b3498b6a91cd9f5d0f7b173a1d45e54debae967b984b7cabd5b06cf

  • Size

    109KB

  • Sample

    221204-pps39sdc6z

  • MD5

    7a8f915c712812565828ac7632796679

  • SHA1

    63a2fa5d81ef94cf5d74c336639adbb821090a78

  • SHA256

    ec3898ab6b3498b6a91cd9f5d0f7b173a1d45e54debae967b984b7cabd5b06cf

  • SHA512

    7d35e24d852d5d024dd2488d4ec35b192470a1220e8f0d6730751e5776b17c27233dfe6e6a403c26aacfd11777b7a63aa12778342520beaaf36a484ed36867c1

  • SSDEEP

    3072:/Q4mmu9kT2QEXzC99e5SVtJ6LIvW7ygBunI52cfrkPJ:/Q41uGTpS5utckvWNknIHYP

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://ws.sefairepayer.com:8080/forum/viewtopic.php

http://imprimante.sefairepayer.com:8080/forum/viewtopic.php

http://91.121.204.38:8080/forum/viewtopic.php

http://217.195.200.29:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://256540.webtest.goneo.de/1GCFP792/HSJWdpC0.exe

    http://etaphavacilik.com/D3ppyZsm/BYQ.exe

    http://hc121012.smartconfig.net/UqzyfYAz/KXsRz4.exe

    http://kerabad.de/kz3Fg3pd/Bo4GiA.exe

    http://metalgold.com.mx/GwRHCZBu/8XE.exe

    http://astuteconsultinggroup.com.au/PetScbrF/qygH860.exe

    http://taxationsoftware.in/ukXV6bSA/pf9QGuE.exe

Targets

    • Target

      ec3898ab6b3498b6a91cd9f5d0f7b173a1d45e54debae967b984b7cabd5b06cf

    • Size

      109KB

    • MD5

      7a8f915c712812565828ac7632796679

    • SHA1

      63a2fa5d81ef94cf5d74c336639adbb821090a78

    • SHA256

      ec3898ab6b3498b6a91cd9f5d0f7b173a1d45e54debae967b984b7cabd5b06cf

    • SHA512

      7d35e24d852d5d024dd2488d4ec35b192470a1220e8f0d6730751e5776b17c27233dfe6e6a403c26aacfd11777b7a63aa12778342520beaaf36a484ed36867c1

    • SSDEEP

      3072:/Q4mmu9kT2QEXzC99e5SVtJ6LIvW7ygBunI52cfrkPJ:/Q41uGTpS5utckvWNknIHYP

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks