General

  • Target: 2fbfc79462b64751c339f0b0297c748f.bin
  • Size: 137KB
  • Sample: 241209-bgx6csxjgx
  • MD5: dc72dd122323f1ca140aa2c717226b9d
  • SHA1: 34d5ea71695f5b73183e460ba9d984ca93cd34bf
  • SHA256: a6e9f5047539b5b58bf39795f2224f1a5a92debdf5f6786591cf989ebe7d095d
  • SHA512: 8fe3b2048c167365f4981b8f4b6c37f053869c8c4f41c114cb51e6bbd05caa425419a9256c3eee14eb5e62bff23b8331849fea47124d4a4980051e878dd786ab
  • SSDEEP: 3072:bf33Sm6QJflZzIPgFOkLmwLVpJgUk9pudj7S7lffLFOdgTae:D3CmLRbIIw7Y0Uk3k3S71zFO2We

Malware Config

Extracted

  • Family: pony
  • C2:
    http://6.magicalomaha.co/forum/viewtopic.php
    http://6.magicalomaha.com/forum/viewtopic.php
  • Attributes
    • payload_url:
      http://dynamotouren.de/4XM2f.exe
      http://app.bi.com.tr/fPFa.exe
      http://72.32.185.12/rd7nr.exe
      http://208.116.13.164/b6dK7rwV.exe
      http://www.seigner-art.at/fPsx8i.exe
      http://www.aboessen24.de/WWkULwkq.exe

Targets

    • Target: 2b7658a9c50bf8ee549193723e56b6500d4a193a5eb8e10871c67956d5d4e835.exe
    • Size: 372KB
    • MD5: 2fbfc79462b64751c339f0b0297c748f
    • SHA1: 3c07b52af2661e02e4db7dc978a83db0ba7c570f
    • SHA256: 2b7658a9c50bf8ee549193723e56b6500d4a193a5eb8e10871c67956d5d4e835
    • SHA512: dbc3b7d8a7419feacf98481f542991edfcfe67d48a31244aff3818d28770842c2b7fd62a6d174e0132946ab73e60c00213a3c116090559e75512f38047b7a827
    • SSDEEP: 3072:eps58pvoY9pm4arHiETYPTP3vfdHldhwE3vfdHldhwVOpvoY9FpvoY9jmJm4arq3:UW8Zr9U4nE49Zr9FZr9q04BnEASEg

    • Pony family
    • Pony, Fareit
      Pony is a Remote Access Trojan application that steals information.
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar data.
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.
    • Accesses Microsoft Outlook accounts
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks