pony | 4b6feb4eb9f9828cd5786368b0ad23fafd05a9cef62a9bbcfeebaf744bc3bf1b | Triage

Sharing

General

Target

66e42e0170c16bf3d53040d394359571_JaffaCakes118
Size

1.9MB
Sample

240522-l5ph8sbe21
MD5

66e42e0170c16bf3d53040d394359571
SHA1

ac9acbf46eca7961cc4f5989c764ca6966f707ee
SHA256

4b6feb4eb9f9828cd5786368b0ad23fafd05a9cef62a9bbcfeebaf744bc3bf1b
SHA512

56947e488578a8da1a5ee92b951aa34b48e3d1951fc1ae7a80f145349413711e7bf6c8591ef68d8addf7f2dcdd83ac3ebb9999a005b85637859cdfb4ad02e905
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWww6

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  66e42e0170c16bf3d53040d394359571_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  66e42e0170c16bf3d53040d394359571
- SHA1
  
  ac9acbf46eca7961cc4f5989c764ca6966f707ee
- SHA256
  
  4b6feb4eb9f9828cd5786368b0ad23fafd05a9cef62a9bbcfeebaf744bc3bf1b
- SHA512
  
  56947e488578a8da1a5ee92b951aa34b48e3d1951fc1ae7a80f145349413711e7bf6c8591ef68d8addf7f2dcdd83ac3ebb9999a005b85637859cdfb4ad02e905
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWww6
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2