pony | 59ee39ecc079f508931f556b7174f1dc4c035c00b07741bd0f8a5438140ae176 | Triage

Sharing

General

Target

59ee39ecc079f508931f556b7174f1dc4c035c00b07741bd0f8a5438140ae176.exe
Size

2.6MB
Sample

250112-3hda5axlbq
MD5

ce12bb0b0ce86d8704e14c213e092eda
SHA1

54772aae529445c36dc98f4ec23e2f149c82cfa2
SHA256

59ee39ecc079f508931f556b7174f1dc4c035c00b07741bd0f8a5438140ae176
SHA512

1acb791d5b64fd22375c4d164f0da93928123a0692e48af8cb69d713dc8f55528ddc8b9f1f63a6b64d30f5171f6517b46aabce86830aff6fdee7a9e006a27431
SSDEEP

49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlQ:86SIROiFJiwp0xlrlQ

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  59ee39ecc079f508931f556b7174f1dc4c035c00b07741bd0f8a5438140ae176.exe
- Size
  
  2.6MB
- MD5
  
  ce12bb0b0ce86d8704e14c213e092eda
- SHA1
  
  54772aae529445c36dc98f4ec23e2f149c82cfa2
- SHA256
  
  59ee39ecc079f508931f556b7174f1dc4c035c00b07741bd0f8a5438140ae176
- SHA512
  
  1acb791d5b64fd22375c4d164f0da93928123a0692e48af8cb69d713dc8f55528ddc8b9f1f63a6b64d30f5171f6517b46aabce86830aff6fdee7a9e006a27431
- SSDEEP
  
  49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlQ:86SIROiFJiwp0xlrlQ
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2