pony | 34e370500120eb62aea726601544eafc31dd67081159b7f2cccd0cb2b070f7a4 | Triage

Sharing

General

Target

6233e8a3f403d5b876bbfd5bb4dfb4d6_JaffaCakes118
Size

216KB
Sample

240521-gbhrdadd32
MD5

6233e8a3f403d5b876bbfd5bb4dfb4d6
SHA1

e2e4c3b595e6141c69290e54f3a6c64a251731a7
SHA256

34e370500120eb62aea726601544eafc31dd67081159b7f2cccd0cb2b070f7a4
SHA512

49e5af1f089af5df5e4e82e469806664f9a05554daedf84ee7e128e73d916ef4fc1871d6f9a29cc12465219db23181428158e97948260bf7da02f013ee86ad8f
SSDEEP

3072:5zB6TWH4Uk3Y9aBXhqKjNUhq5RHgXO9uijPfSnMuGc/CfZDap6COU45EITtmo:5zJr9URtGq5RHg+gOfSnMuGc2EjOPm

Score

10^/10

pony microsoft phishing

Malware Config

Extracted

Family

pony

C2

http://engrseltevs.com/buky/gate.php

Targets

- Target
  
  6233e8a3f403d5b876bbfd5bb4dfb4d6_JaffaCakes118
- Size
  
  216KB
- MD5
  
  6233e8a3f403d5b876bbfd5bb4dfb4d6
- SHA1
  
  e2e4c3b595e6141c69290e54f3a6c64a251731a7
- SHA256
  
  34e370500120eb62aea726601544eafc31dd67081159b7f2cccd0cb2b070f7a4
- SHA512
  
  49e5af1f089af5df5e4e82e469806664f9a05554daedf84ee7e128e73d916ef4fc1871d6f9a29cc12465219db23181428158e97948260bf7da02f013ee86ad8f
- SSDEEP
  
  3072:5zB6TWH4Uk3Y9aBXhqKjNUhq5RHgXO9uijPfSnMuGc/CfZDap6COU45EITtmo:5zJr9URtGq5RHg+gOfSnMuGc2EjOPm
Score

5^/10

microsoft phishing
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

microsoftphishing