pony | eb44fccbe4c2a824d46cba60714a141a586b0f49825b3fe18b63800e7389491c | Triage

Sharing

General

Target

eb44fccbe4c2a824d46cba60714a141a586b0f49825b3fe18b63800e7389491c.exe
Size

2.2MB
Sample

241204-el6j3swnfn
MD5

d6b6bd3b29638aeb75227916b2f9cd80
SHA1

5729a646af679f750d2e0a1a4732caca5c55ccce
SHA256

eb44fccbe4c2a824d46cba60714a141a586b0f49825b3fe18b63800e7389491c
SHA512

3c1143a92c6788a29e3423282294df411acff7c9fd815af39df6be6246396238aa580ce8ea19739de1c0e9518eadcd564917038359eed83c2002a9908f2a9118
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZZ:0UzeyQMS4DqodCnoe+iitjWww1

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  eb44fccbe4c2a824d46cba60714a141a586b0f49825b3fe18b63800e7389491c.exe
- Size
  
  2.2MB
- MD5
  
  d6b6bd3b29638aeb75227916b2f9cd80
- SHA1
  
  5729a646af679f750d2e0a1a4732caca5c55ccce
- SHA256
  
  eb44fccbe4c2a824d46cba60714a141a586b0f49825b3fe18b63800e7389491c
- SHA512
  
  3c1143a92c6788a29e3423282294df411acff7c9fd815af39df6be6246396238aa580ce8ea19739de1c0e9518eadcd564917038359eed83c2002a9908f2a9118
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZZ:0UzeyQMS4DqodCnoe+iitjWww1
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2