pony | 5890aec86a1f5e8ebd5e54fb2d1137c9a42f49eaa2893fc8f3ac45030e2366f0 | Triage

Sharing

General

Target

01340048af59a7ac31b10934920698b2_JaffaCakes118
Size

2.1MB
Sample

240426-t6vqmsge81
MD5

01340048af59a7ac31b10934920698b2
SHA1

8c205adc18cca457bacc57592b91d6e7bcb792e1
SHA256

5890aec86a1f5e8ebd5e54fb2d1137c9a42f49eaa2893fc8f3ac45030e2366f0
SHA512

0be0fcbecbf21e6925d1edd95cabeef1aad0d37ec18ef53b89322bb637ee3fae5d882b93c0c96d9cc9fca9a3c65bf5b81b50948d0abed6744182c668725fcbc8
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZZ:0UzeyQMS4DqodCnoe+iitjWwwN

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  01340048af59a7ac31b10934920698b2_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  01340048af59a7ac31b10934920698b2
- SHA1
  
  8c205adc18cca457bacc57592b91d6e7bcb792e1
- SHA256
  
  5890aec86a1f5e8ebd5e54fb2d1137c9a42f49eaa2893fc8f3ac45030e2366f0
- SHA512
  
  0be0fcbecbf21e6925d1edd95cabeef1aad0d37ec18ef53b89322bb637ee3fae5d882b93c0c96d9cc9fca9a3c65bf5b81b50948d0abed6744182c668725fcbc8
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZZ:0UzeyQMS4DqodCnoe+iitjWwwN
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2