Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-01-2025 22:23
General
-
Target
36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe
-
Size
152KB
-
MD5
26bdcc74b18322fb4515a6577424f610
-
SHA1
268f0a76e7ab0f8225454fab9bfe37f8add6e1f0
-
SHA256
36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5ecc
-
SHA512
3ca865614a98b5cbc937e9ecb53ad8a1868a00c55b1c61ee82d6577aeef27a91e1c645f19edd830d3bcca0cd39e7d96b8acc8eb82d5ba0fbaab6c40a7ae4fc79
-
SSDEEP
3072:OlcucIca/MVHaOtU7ST2/reD5Koutkc53u:OlcXIca/M0OtGx/r+5KoSkE+
Malware Config
Extracted
pony
http://chipservice.by/includes/phpmailer/red.php
http://avtoritet13.ru/catalog/model/tool/red.php
http://autopodval.ru/catalog/model/module/red.php
http://www.brevna.ru/search/map/red.php
http://pinek.ru/priceManager/doc/red.php
http://svitaliyo.atservers.net/packages/red.php
http://bryanosti.ru/modules/book/red.php
http://kit.ucoz.com/html/bbn.dat
http://interlude.ucoz.com/bbcodes/bbn.dat
http://interlude.ucoz.com/images/bbn.dat
http://cs-clan-ak47.ucoz.ru/_fr/bbn.dat
Signatures
-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Processes
-
C:\Users\Admin\AppData\Local\Temp\36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe"C:\Users\Admin\AppData\Local\Temp\36fd09cdb51e701f7affabecc456d5b73b8dbe486b7d8fe9f4775597f77f5eccN.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
328KB