pony | 7c1b56d5280156b746ae5ec70c09170ea92dddb0cbf795137d6da16744b4ad66 | Triage

Sharing

General

Target

7c1b56d5280156b746ae5ec70c09170ea92dddb0cbf795137d6da16744b4ad66.exe
Size

2.2MB
Sample

241231-j1px4atmbj
MD5

507fd158b1bb5322d4d3afe758b728fb
SHA1

9252583384c81dc564a20a67d06491301d5b4dd8
SHA256

7c1b56d5280156b746ae5ec70c09170ea92dddb0cbf795137d6da16744b4ad66
SHA512

fd1cb32c4167918d813e3e30888ecd983345e4ae41037cab5fd161f1743f3ac2b7766ab5d7858aec1b3e1887d799cd9d7d259d0fa2722bd578a7ceb8833d8cd4
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZx:0UzeyQMS4DqodCnoe+iitjWww1

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  7c1b56d5280156b746ae5ec70c09170ea92dddb0cbf795137d6da16744b4ad66.exe
- Size
  
  2.2MB
- MD5
  
  507fd158b1bb5322d4d3afe758b728fb
- SHA1
  
  9252583384c81dc564a20a67d06491301d5b4dd8
- SHA256
  
  7c1b56d5280156b746ae5ec70c09170ea92dddb0cbf795137d6da16744b4ad66
- SHA512
  
  fd1cb32c4167918d813e3e30888ecd983345e4ae41037cab5fd161f1743f3ac2b7766ab5d7858aec1b3e1887d799cd9d7d259d0fa2722bd578a7ceb8833d8cd4
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZx:0UzeyQMS4DqodCnoe+iitjWww1
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2