pony | 8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6 | Triage

Sharing

General

Target

7c57cf75a45ff3afd8e7c89cea9f6dec_JaffaCakes118
Size

2.1MB
Sample

240528-khvw3acg41
MD5

7c57cf75a45ff3afd8e7c89cea9f6dec
SHA1

88b65d6308b22609aea4e2225173905e20a0427d
SHA256

8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6
SHA512

abffb60c75272a8a2353fb101cad4dbb4d5667f0c3fb4b7e1d42ed58f466131a3bb99122c115993195b72744047e8b9c9e727d48caac38c37dde809b2d4c56f0
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZs:0UzeyQMS4DqodCnoe+iitjWwwg

Score

10^/10

pony

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  7c57cf75a45ff3afd8e7c89cea9f6dec_JaffaCakes118
- Size
  
  2.1MB
- MD5
  
  7c57cf75a45ff3afd8e7c89cea9f6dec
- SHA1
  
  88b65d6308b22609aea4e2225173905e20a0427d
- SHA256
  
  8df4e2a08d7320e47e2731be950bee732301396578694824665e12375fe8f3c6
- SHA512
  
  abffb60c75272a8a2353fb101cad4dbb4d5667f0c3fb4b7e1d42ed58f466131a3bb99122c115993195b72744047e8b9c9e727d48caac38c37dde809b2d4c56f0
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZs:0UzeyQMS4DqodCnoe+iitjWwwg
Score

7^/10
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2