Overview

overview

10

Static

static

1

63663eec6c...eN.exe

windows7-x64

10

63663eec6c...eN.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63663eec6cbc4ced91ac730c6b4789ff67241d1fbb4d522e84c0ad0e7828261eN

  • Size

    196KB

  • Sample

    240918-c9gjraydrd

  • MD5

    dfc05a4e8e29a348af7039a78ff59270

  • SHA1

    0ab922c068513cfa2401a9b2e55d879eb4830382

  • SHA256

    63663eec6cbc4ced91ac730c6b4789ff67241d1fbb4d522e84c0ad0e7828261e

  • SHA512

    fbfb3390e981ba86f9433db30108e034aa171a9cb2da0ced1543b0e33273feb365ad9ceb51b9ab11401d610b574cd0fa88245a6aae3a28e5793f39315bbebf73

  • SSDEEP

    1536:QN8X9ie1AtM1icxMYxPHS+5IQbgSl1BP8hM44V+aYSwlikUEu+EQUQXjFm9G0Ky:vX9i+p1iuHS++v07101likUEu2zL0Ky

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://74.91.112.151/pony/gate.php
Attributes
  • payload_url

    http://aeronavdata.com/eGqkMT.exe

    http://isdoatcen.com/EKs8.exe

    http://floriculturabm.com/QxN7r.exe

Targets

    • Target

      63663eec6cbc4ced91ac730c6b4789ff67241d1fbb4d522e84c0ad0e7828261eN

    • Size

      196KB

    • MD5

      dfc05a4e8e29a348af7039a78ff59270

    • SHA1

      0ab922c068513cfa2401a9b2e55d879eb4830382

    • SHA256

      63663eec6cbc4ced91ac730c6b4789ff67241d1fbb4d522e84c0ad0e7828261e

    • SHA512

      fbfb3390e981ba86f9433db30108e034aa171a9cb2da0ced1543b0e33273feb365ad9ceb51b9ab11401d610b574cd0fa88245a6aae3a28e5793f39315bbebf73

    • SSDEEP

      1536:QN8X9ie1AtM1icxMYxPHS+5IQbgSl1BP8hM44V+aYSwlikUEu+EQUQXjFm9G0Ky:vX9i+p1iuHS++v07101likUEu2zL0Ky

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks