pony | 8011a23b9e787b949873967bc1f1832a35432c8ac4722bc4d8a5d4857b4368bc | Triage

Sharing

General

Target

8011a23b9e787b949873967bc1f1832a35432c8ac4722bc4d8a5d4857b4368bc.exe
Size

2.2MB
Sample

250122-cy8tvstkgz
MD5

fff8c445db7e6c75b6e282727280b3f0
SHA1

eb07f28d6dc3934277e78f1066e15dc878e549e5
SHA256

8011a23b9e787b949873967bc1f1832a35432c8ac4722bc4d8a5d4857b4368bc
SHA512

52129f3b540179dc3cc25a60c7abe97f05bbc4d3f08fe00119cac97d09b3d7694d5e5edd720736b9268b6065860e00ba2079fecc039aa61dd968800e2f9ca78d
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZi:0UzeyQMS4DqodCnoe+iitjWwwO

Score

10^/10

pony discovery

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  8011a23b9e787b949873967bc1f1832a35432c8ac4722bc4d8a5d4857b4368bc.exe
- Size
  
  2.2MB
- MD5
  
  fff8c445db7e6c75b6e282727280b3f0
- SHA1
  
  eb07f28d6dc3934277e78f1066e15dc878e549e5
- SHA256
  
  8011a23b9e787b949873967bc1f1832a35432c8ac4722bc4d8a5d4857b4368bc
- SHA512
  
  52129f3b540179dc3cc25a60c7abe97f05bbc4d3f08fe00119cac97d09b3d7694d5e5edd720736b9268b6065860e00ba2079fecc039aa61dd968800e2f9ca78d
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZi:0UzeyQMS4DqodCnoe+iitjWwwO
Score

7^/10

discovery
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2