General

  • Target

    caaa2cf133115f9613c218e25733b870N.exe

  • Size

    92KB

  • Sample

    240905-b843zssbkf

  • MD5

    caaa2cf133115f9613c218e25733b870

  • SHA1

    bdb80f9a4920407599f246687164fbf0a7e73bf5

  • SHA256

    7b7e6f20dd1933c8ef8e122a3ce5cf6159bf923a08995af8ca08be420983c73d

  • SHA512

    993b0be420753d1871d1f8cf8a1c26bfdc50a77df15cd777fe7d6c87ce0f055bbb28293627803bb4ab450d00d66c47f8651f48161b49d2b13c4be2610a8a411a

  • SSDEEP

    1536:pzGWObbrGNQwNmyREVuXBYWBNohFQXJAKYzDH7MS38lL9IB8m8s1PeMj6rS/7P:tfO/kQ2DEVsBRAKMDHAS3Y9UBH

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks