pony | cc83524cc495f1f88d6829be9b889da9fbbdaa20d72a0331c45dd2cee8ce95b4 | Triage

Sharing

General

Target

cc83524cc495f1f88d6829be9b889da9fbbdaa20d72a0331c45dd2cee8ce95b4.exe
Size

2.2MB
Sample

250102-e4pz2stkdt
MD5

62e7a16b652b99a704f161c51c4ba43c
SHA1

fa91677cd555911790087e7ee93dcdaf8d7ed87c
SHA256

cc83524cc495f1f88d6829be9b889da9fbbdaa20d72a0331c45dd2cee8ce95b4
SHA512

bad5abadfc4aac1902227bcf18e1b40e2e50dcbafecc648a70abcb45f1c91ba8ec1056cc8b9243f13e1a6b326ba56fac740bd9cf63b0535af1a8206bea23d2f8
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZc:0UzeyQMS4DqodCnoe+iitjWwwo

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  cc83524cc495f1f88d6829be9b889da9fbbdaa20d72a0331c45dd2cee8ce95b4.exe
- Size
  
  2.2MB
- MD5
  
  62e7a16b652b99a704f161c51c4ba43c
- SHA1
  
  fa91677cd555911790087e7ee93dcdaf8d7ed87c
- SHA256
  
  cc83524cc495f1f88d6829be9b889da9fbbdaa20d72a0331c45dd2cee8ce95b4
- SHA512
  
  bad5abadfc4aac1902227bcf18e1b40e2e50dcbafecc648a70abcb45f1c91ba8ec1056cc8b9243f13e1a6b326ba56fac740bd9cf63b0535af1a8206bea23d2f8
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZc:0UzeyQMS4DqodCnoe+iitjWwwo
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2