pony | 9fbd0d0a6f4933caedf0dfbba09b3009a155855c4edd331465f94969ed9832f8 | Triage

Sharing

General

Target

2080-2-0x0000000000400000-0x0000000000417000-memory.dmp
Size

92KB
Sample

240830-zzvpyswhkn
MD5

cce847a0957b76d64d5301478cfb8045
SHA1

faea2ca4c08ab54dc754c5c54bd1ad6f2e558e3d
SHA256

9fbd0d0a6f4933caedf0dfbba09b3009a155855c4edd331465f94969ed9832f8
SHA512

3858af0cbd7193adf6e77e8bfe8b0713cb231e481c761085191d8e9dc7caac38a2f69a2e181101d462a618ca711694d777d1fe97e393eb76649b0b7e36868b75
SSDEEP

1536:lSHv2KkqT0gNItvPtTxM35w4gzr1TvJEA9kZsS:l6RutHttM35w3EAOsS

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://www.alberghi.com:8080/pony/gate.php

http://zelia.net:8080/pony/gate.php

Attributes

payload_url
http://ucargroup.com/3m6CzuvT/UyqJ.exe

http://geovanabauerdocesfinos.com.br/6md3zev5/hQj.exe

http://www.dwa-wrestling.de/DGUhkavQ/SkxZGut.exe

Targets

- Target
  
  2080-2-0x0000000000400000-0x0000000000417000-memory.dmp
- Size
  
  92KB
- MD5
  
  cce847a0957b76d64d5301478cfb8045
- SHA1
  
  faea2ca4c08ab54dc754c5c54bd1ad6f2e558e3d
- SHA256
  
  9fbd0d0a6f4933caedf0dfbba09b3009a155855c4edd331465f94969ed9832f8
- SHA512
  
  3858af0cbd7193adf6e77e8bfe8b0713cb231e481c761085191d8e9dc7caac38a2f69a2e181101d462a618ca711694d777d1fe97e393eb76649b0b7e36868b75
- SSDEEP
  
  1536:lSHv2KkqT0gNItvPtTxM35w4gzr1TvJEA9kZsS:l6RutHttM35w3EAOsS
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2