pony | 8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6 | Triage

Sharing

General

Target

7c57cf75a45ff3afd8e7c89cea9f6dec_JaffaCakes118
Size

2.1MB
Sample

240528-khvw3acg41
MD5

7c57cf75a45ff3afd8e7c89cea9f6dec
SHA1

88b65d6308b22609aea4e2225173905e20a0427d
SHA256

8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6
SHA512

abffb60c75272a8a2353fb101cad4dbb4d5667f0c3fb4b7e1d42ed58f466131a3bb99122c115993195b72744047e8b9c9e727d48caac38c37dde809b2d4c56f0
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZs:0UzeyQMS4DqodCnoe+iitjWwwg

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  7c57cf75a45ff3afd8e7c89cea9f6dec_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  7c57cf75a45ff3afd8e7c89cea9f6dec
- SHA1
  
  88b65d6308b22609aea4e2225173905e20a0427d
- SHA256
  
  8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6
- SHA512
  
  abffb60c75272a8a2353fb101cad4dbb4d5667f0c3fb4b7e1d42ed58f466131a3bb99122c115993195b72744047e8b9c9e727d48caac38c37dde809b2d4c56f0
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZs:0UzeyQMS4DqodCnoe+iitjWwwg
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2