Overview

overview

10

Static

static

1

dadcbbb216...29.exe

windows7-x64

10

dadcbbb216...29.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dadcbbb2166372ecd1233c3fb9b02b29

  • Size

    172KB

  • Sample

    240321-gnlc2ada92

  • MD5

    dadcbbb2166372ecd1233c3fb9b02b29

  • SHA1

    ba534c8f6a9220e408b675de12c4ac908e6db02c

  • SHA256

    a99fea064df4def0094b414104da16d4a2cc2ae3bfb6da482c336303a5200814

  • SHA512

    d0c9b72a097675705fc1258851d6bdee577b7b7d92091758b6ce42e1772f63dbc97f2bb7d5d6a8e149dabb5aecc2e0c56ba159d4ebe4e7820c92023718663916

  • SSDEEP

    3072:jpXww2bG7/Tg2DmffDrbYHHf3xaW3ShYtNYKse9:ehSTTLmfbHe/haMSNKb

Score
10/10
ponydiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://108.166.65.182:8080/pony/gate.php

http://66.150.188.33/pony/gate.php
Attributes
  • payload_url

    http://bgdt.co.uk/2A3.exe

    http://madeiras10.com.br/ZNg8uR.exe

    http://aencuentro.com.ar/xc25nXp.exe

Targets

    • Target

      dadcbbb2166372ecd1233c3fb9b02b29

    • Size

      172KB

    • MD5

      dadcbbb2166372ecd1233c3fb9b02b29

    • SHA1

      ba534c8f6a9220e408b675de12c4ac908e6db02c

    • SHA256

      a99fea064df4def0094b414104da16d4a2cc2ae3bfb6da482c336303a5200814

    • SHA512

      d0c9b72a097675705fc1258851d6bdee577b7b7d92091758b6ce42e1772f63dbc97f2bb7d5d6a8e149dabb5aecc2e0c56ba159d4ebe4e7820c92023718663916

    • SSDEEP

      3072:jpXww2bG7/Tg2DmffDrbYHHf3xaW3ShYtNYKse9:ehSTTLmfbHe/haMSNKb

    Score
    10/10
    ponydiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks