pony | faa340be50691bf0e14536b1f7e80831f07092920a857e69114ddc39904b498e

Sharing

Copy URL

Twitter E-mail

General

Target

1ad01e78a0d3fbfeed6214a978832bf8_JaffaCakes118
Size

157KB
Sample

240701-lqa3asvake
MD5

1ad01e78a0d3fbfeed6214a978832bf8
SHA1

bae5e41125f0c00d7f91db6722d62b19b2a316da
SHA256

faa340be50691bf0e14536b1f7e80831f07092920a857e69114ddc39904b498e
SHA512

a034fdbbca832e3ff85eaa353c7fc4301f8742cf3b696ddfcdeb858e7ba63be87ec5dec0ca4d0f86c69d36b8da569193bc63091eeefc7e81f1333b771ed15f91
SSDEEP

3072:gm+9OQoTNF3M6C53V4LOEEHggRMdlkhpwX4qOHR:gm+RoTNFc53V4LAAg8AwXn2

Score

10^/10

Malware Config

Extracted

Family

pony

http://67.215.225.205:8080/forum/viewtopic.php

http://209.59.219.88/forum/viewtopic.php

Attributes

payload_url
http://www.drachenboot-strausberg.de/rgbykPm.exe
http://realitycoaching.es/23sf.exe
http://kms-anwaelte.de/mvCo.exe

Targets

- Target
  
  1ad01e78a0d3fbfeed6214a978832bf8_JaffaCakes118
- Size
  
  157KB
- MD5
  
  1ad01e78a0d3fbfeed6214a978832bf8
- SHA1
  
  bae5e41125f0c00d7f91db6722d62b19b2a316da
- SHA256
  
  faa340be50691bf0e14536b1f7e80831f07092920a857e69114ddc39904b498e
- SHA512
  
  a034fdbbca832e3ff85eaa353c7fc4301f8742cf3b696ddfcdeb858e7ba63be87ec5dec0ca4d0f86c69d36b8da569193bc63091eeefc7e81f1333b771ed15f91
- SSDEEP
  
  3072:gm+9OQoTNF3M6C53V4LOEEHggRMdlkhpwX4qOHR:gm+RoTNFc53V4LAAg8AwXn2
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2