General

  • Target

    19d3e9be0486047462a512ad2ff59673e4ced2369bb9b421378c4882929078a4.exe

  • Size

    250KB

  • Sample

    241226-cxx1zavmdq

  • MD5

    2051c9d1079205ae93ce2353c7039d20

  • SHA1

    7617d7baf1b7872ffaf900e8d6584f5d6c6aa890

  • SHA256

    19d3e9be0486047462a512ad2ff59673e4ced2369bb9b421378c4882929078a4

  • SHA512

    a6f02b9b2c09dc620ba4c34f7a55ed20309ff4081912627f009a47846c2d6f08388c17810a2560f7e6e2693a47f7060d48d40b359720276ddaab1e6c86511e3a

  • SSDEEP

    3072:+ubec3ltiWjDhIxZCKJhk44ys+9Z5PuBT83thaL/cUYZ:l3ivRaU79POT6sT5c

Malware Config

Extracted

Family

pony

C2

http://176.28.18.135:8080/pony/gate.php

http://85.214.243.87:8080/pony/gate.php

http://88.85.99.44:8080/pony/gate.php

Attributes
  • payload_url

    http://cinecolor.com.ar/GPFito.exe

    http://www.bomcreto.com.br/sWt7gc5m.exe

    http://www.cyrpainting.cl/p6h.exe

    http://hellenic-antiaging-academy.gr/2wY.exe

Targets

    • Target

      19d3e9be0486047462a512ad2ff59673e4ced2369bb9b421378c4882929078a4.exe

    • Size

      250KB

    • MD5

      2051c9d1079205ae93ce2353c7039d20

    • SHA1

      7617d7baf1b7872ffaf900e8d6584f5d6c6aa890

    • SHA256

      19d3e9be0486047462a512ad2ff59673e4ced2369bb9b421378c4882929078a4

    • SHA512

      a6f02b9b2c09dc620ba4c34f7a55ed20309ff4081912627f009a47846c2d6f08388c17810a2560f7e6e2693a47f7060d48d40b359720276ddaab1e6c86511e3a

    • SSDEEP

      3072:+ubec3ltiWjDhIxZCKJhk44ys+9Z5PuBT83thaL/cUYZ:l3ivRaU79POT6sT5c

    • Pony family

    • Pony, Fareit

      Pony (also tracked as Fareit) is a remote access trojan that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks