pony | b5bfd32a0fbf01c39a49f50d858a9daa525855d39ff170ccddcbd9cb3cdb9d86 | Triage

Sharing

General

Target

b5bfd32a0fbf01c39a49f50d858a9daa525855d39ff170ccddcbd9cb3cdb9d86.exe
Size

2.2MB
Sample

250116-wnxhmasqek
MD5

db8eb286d9dd8162bfbcdf070e9ca2fb
SHA1

188b461cb5bcf510f69937b45ceb703b83906a86
SHA256

b5bfd32a0fbf01c39a49f50d858a9daa525855d39ff170ccddcbd9cb3cdb9d86
SHA512

5ef01b0b3b119fcfd40e23e8501ecd70f4b3bf9c44dd49bcc1533503a63172732bd408ed794d4876465c7bdf7b3321663403d0432fd8d3737957c811d9958757
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZf:0UzeyQMS4DqodCnoe+iitjWwwj

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  b5bfd32a0fbf01c39a49f50d858a9daa525855d39ff170ccddcbd9cb3cdb9d86.exe
- Size
  
  2.2MB
- MD5
  
  db8eb286d9dd8162bfbcdf070e9ca2fb
- SHA1
  
  188b461cb5bcf510f69937b45ceb703b83906a86
- SHA256
  
  b5bfd32a0fbf01c39a49f50d858a9daa525855d39ff170ccddcbd9cb3cdb9d86
- SHA512
  
  5ef01b0b3b119fcfd40e23e8501ecd70f4b3bf9c44dd49bcc1533503a63172732bd408ed794d4876465c7bdf7b3321663403d0432fd8d3737957c811d9958757
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZf:0UzeyQMS4DqodCnoe+iitjWwwj
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2