Overview

overview

10

Static

static

3

fc3f10c4cc...12.exe

windows7-x64

10

fc3f10c4cc...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc3f10c4cc4a22de75a0beb023f885404485df9ba310f44c53f10373373b1812.exe

  • Size

    128KB

  • Sample

    241206-gs2wkstlcv

  • MD5

    d8726162ad91472db5de567f57957ca9

  • SHA1

    d3838cf14e8739d4d614f940cbffc866d7166966

  • SHA256

    fc3f10c4cc4a22de75a0beb023f885404485df9ba310f44c53f10373373b1812

  • SHA512

    253a8bb9a9aee47637a15dbf6967513a36c2c51711bee1eff7a4495ddfa0a2410464a4e746708c87f1765ef0014def00d5efb0649446f9ad79535a43f739ea75

  • SSDEEP

    3072:ULselXPVHKCid5e/Hn73w1buGLclkNkNbo2YFwmjAvp:U4A/VqCize/HD6bVLclktevp

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://dreago.com/ponys/gate.php

http://flipsidementoring.com/ponys/gate.php

http://herbrim.com/ponys/gate.php

http://illusioninfusion.com/ponys/gate.php
Attributes
  • payload_url

    http://kingdomequinecenter.com/eKZf69Hp.exe

    http://02ab5c0.netsolhost.com/F7Q.exe

    http://foromaquinas.net/4QE0T.exe

    http://netcloud.co.il/Whx.exe

Targets

    • Target

      fc3f10c4cc4a22de75a0beb023f885404485df9ba310f44c53f10373373b1812.exe

    • Size

      128KB

    • MD5

      d8726162ad91472db5de567f57957ca9

    • SHA1

      d3838cf14e8739d4d614f940cbffc866d7166966

    • SHA256

      fc3f10c4cc4a22de75a0beb023f885404485df9ba310f44c53f10373373b1812

    • SHA512

      253a8bb9a9aee47637a15dbf6967513a36c2c51711bee1eff7a4495ddfa0a2410464a4e746708c87f1765ef0014def00d5efb0649446f9ad79535a43f739ea75

    • SSDEEP

      3072:ULselXPVHKCid5e/Hn73w1buGLclkNkNbo2YFwmjAvp:U4A/VqCize/HD6bVLclktevp

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks