Overview

overview

10

Static

static

3

064076a370...07.exe

windows7-x64

10

064076a370...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    064076a370b34f1e7dceaa71ee20f281919db931cac53d7b6578e5b932959d07

  • Size

    4.6MB

  • Sample

    230807-krdddaee32

  • MD5

    5250f4275d2ff5a53c3d18ee5244b475

  • SHA1

    31324cf97e635f7ac6f49c0f9cc4356e72a19d3d

  • SHA256

    064076a370b34f1e7dceaa71ee20f281919db931cac53d7b6578e5b932959d07

  • SHA512

    8860dce62381a3cc05ec7955c3a963e337e57366da82606d171ee1d02d2c41c23fb80276124218778de29c4321e71cf30730e3fa325e8b2690fcc3bcbecad0cf

  • SSDEEP

    6144:oEQCaibN2pWIhcHn0cpruiIyNJUJQJtJ3JtJdJtJTJtJQJhJtJQJ5JtJQJTJtJQt:i1GwjhbcZLzIVs

Score
10/10
ponyratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://superiorbroomproducers.com/opjis/UD099/gate.php

Targets

    • Target

      064076a370b34f1e7dceaa71ee20f281919db931cac53d7b6578e5b932959d07

    • Size

      4.6MB

    • MD5

      5250f4275d2ff5a53c3d18ee5244b475

    • SHA1

      31324cf97e635f7ac6f49c0f9cc4356e72a19d3d

    • SHA256

      064076a370b34f1e7dceaa71ee20f281919db931cac53d7b6578e5b932959d07

    • SHA512

      8860dce62381a3cc05ec7955c3a963e337e57366da82606d171ee1d02d2c41c23fb80276124218778de29c4321e71cf30730e3fa325e8b2690fcc3bcbecad0cf

    • SSDEEP

      6144:oEQCaibN2pWIhcHn0cpruiIyNJUJQJtJ3JtJdJtJTJtJQJhJtJQJ5JtJQJTJtJQt:i1GwjhbcZLzIVs

    Score
    10/10
    ponyratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks