Overview

overview

10

Static

static

3

21f457d2d4...30.exe

windows7-x64

10

21f457d2d4...30.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21f457d2d4ee4b1b3af12579875a8c45ab10f9796586695ac5c85e4421402130.exe

  • Size

    131KB

  • Sample

    250107-kb5gxsvkgq

  • MD5

    bfbfc5f383d5a365ab7543da4fddb9e5

  • SHA1

    2f92f7a77c1aba9c8612b288974267c02a96ad6c

  • SHA256

    21f457d2d4ee4b1b3af12579875a8c45ab10f9796586695ac5c85e4421402130

  • SHA512

    26126d97779aef3c76f5cc35b9292021b41317979c47422236de95cf06e1063313677b6b3f4aba502f41549ff66c5e4f1fc0e4f8fe03cac02c7928388c3466c4

  • SSDEEP

    3072:kinktgRYiecPOdjDKCo3qEK8e2atUfFzf85u4CCZHy:XnktpDKCo3qELfd2u4CCw

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://hubbardsauto.net/forum/viewtopic.php

http://irishhillstire.com/forum/viewtopic.php
Attributes
  • payload_url

    http://emarketingmail.net/bq4.exe

    http://solucionwebs.com/vrJA.exe

    http://chris-cross.de/xZtGB8t.exe

Targets

    • Target

      21f457d2d4ee4b1b3af12579875a8c45ab10f9796586695ac5c85e4421402130.exe

    • Size

      131KB

    • MD5

      bfbfc5f383d5a365ab7543da4fddb9e5

    • SHA1

      2f92f7a77c1aba9c8612b288974267c02a96ad6c

    • SHA256

      21f457d2d4ee4b1b3af12579875a8c45ab10f9796586695ac5c85e4421402130

    • SHA512

      26126d97779aef3c76f5cc35b9292021b41317979c47422236de95cf06e1063313677b6b3f4aba502f41549ff66c5e4f1fc0e4f8fe03cac02c7928388c3466c4

    • SSDEEP

      3072:kinktgRYiecPOdjDKCo3qEK8e2atUfFzf85u4CCZHy:XnktpDKCo3qELfd2u4CCw

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks