Overview

overview

10

Static

static

1

991c0358eb...ff.exe

windows7-x64

10

991c0358eb...ff.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c42f5753f03848dee9bacf5714eb3e2a.bin

  • Size

    82KB

  • Sample

    240901-b7fn1axhkk

  • MD5

    26130eaf59e01b32eb0cc6c13c37d17a

  • SHA1

    3fbf6ce362882ad3e5e7de6f66515cedf59795e6

  • SHA256

    a1198ba98085d0957d7905cddd7be1b10ac3f0715f0a1fda1330e289fb0226a2

  • SHA512

    756a40a4e3cb06da9faba1bb5d553b21b2bd413572fac451d633393742ef5492101da0385bcb879a1411a4beae9e5ba839189a2d3d37cfe0730a5411a621dd88

  • SSDEEP

    1536:l4RN86dF8QwkLQvU2OXwKUjE8ACpwgjpqO00a2NH61cWHKj31wVtzU:l4RK6FHw0dwu8LpjswaAH6WteU

Score
10/10
ponycredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://www.alberghi.com:8080/pony/gate.php

http://zelia.net:8080/pony/gate.php
Attributes
  • payload_url

    http://ucargroup.com/3m6CzuvT/UyqJ.exe

    http://geovanabauerdocesfinos.com.br/6md3zev5/hQj.exe

    http://www.dwa-wrestling.de/DGUhkavQ/SkxZGut.exe

Targets

    • Target

      991c0358ebd616c3a848fcf10488b998deff66e0813ec1e660f18b3b7c8b50ff.exe

    • Size

      91KB

    • MD5

      c42f5753f03848dee9bacf5714eb3e2a

    • SHA1

      e5f6cf1c42525df4d6624ab218c0136b16bd4297

    • SHA256

      991c0358ebd616c3a848fcf10488b998deff66e0813ec1e660f18b3b7c8b50ff

    • SHA512

      952b976f85a38b74dc9515558b4853f1b2f49dfaa4505979cbe030c8c243f6058c5f4d0e10073e2a03ec62d53cea3377ae9022e04e00f74dcc00576e43af77b1

    • SSDEEP

      1536:styCX5pulHFjKZFppjUv4jcJbQd4xj/4wTEd2kgBrGhgnHT5v0I44rZqRnQY:stD5puleVjaQgVTm2kg9Gg1vOdQY

    Score
    10/10
    ponycredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks