Overview

overview

10

Static

static

3

8.exe

windows7-x64

10

8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    80412621ce68fb44bafea521df758682_JaffaCakes118

  • Size

    139KB

  • Sample

    240529-ldyb3aaa51

  • MD5

    80412621ce68fb44bafea521df758682

  • SHA1

    e1594c76d2004a82cc1b4b9a1c3ef91e6cc2a83a

  • SHA256

    15ac3e1e72396a1633a29f848569f0c3f6b0781ae5b4c41bd068f617500c4da7

  • SHA512

    b8f4995b4e544d239238be3c051276364f4c8605936b529c2c57d32559f9c7d09c33a7ebb56cf8f71870ea08d8be67908998280c74401c4fc565d51851cc81fe

  • SSDEEP

    3072:lAXzGZgYrxTJtVuvDqIFYrr/UU/bWMcw99gFAhtaIVgu/Yls:lAcRrRJavmsBaGc9lt5gVs

Score
10/10
ponycollectionratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://wholeheartedglobal.org/Az/panelnew/gate.php

Targets

    • Target

      8.exe

    • Size

      166KB

    • MD5

      392d7d7f1914dd823d01554471881c42

    • SHA1

      f511f5cce1caeee2cb6bf46ccbb639c98b60d4f2

    • SHA256

      60da9a353c2ca13cdbcba17dfd53ccaa42d12614aba9d3f03ad66e11895a1813

    • SHA512

      580f87205920c05f93ca725bfa8f260412448fc7e22e8a1190edd8bb37b7521097f0917bc3a8e156a75375c79649dff1575dc720cf066876570f9a502a16875c

    • SSDEEP

      3072:T7Efexez/bONut3SdvOri6bJb3DcFKKkgTeO7gXsuME23v44Aa:T7BDOG4zcFKb4gXsuMnv44

    Score
    10/10
    ponycollectionratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Drops startup file

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks