pony | 2c607b8f55078858e067738e3a805d532539d54ff2094fef828f72a21656c564 | Triage

Submit
Reports

Overview

overview

Static

static

1

28619bf1fd...18.exe

windows7-x64

28619bf1fd...18.exe

windows10-2004-x64

Sharing

General

Target

28619bf1fdf007ac562555a3738d8013_JaffaCakes118
Size

195KB
Sample

240706-q5qthsyhkl
MD5

28619bf1fdf007ac562555a3738d8013
SHA1

6cc2893ff25e7ad58fecd764741754f8cddd3c3d
SHA256

2c607b8f55078858e067738e3a805d532539d54ff2094fef828f72a21656c564
SHA512

9415d0fe866dd1e218d640506c183f8a9d3c540c68c85617ebea21ccff6816601b42f10fc9186d9779c4deb71de153dbf1ad6e2c8c9f664db1de5a38ad90d9f4
SSDEEP

1536:Rr+YfJ2HLVMFXoCvLd5OcqzXTldKHgCM+LFH2/cTkBi7shGSdj1VrJpwjcMGaqEK:YYfMHoXDbqzqHxM+J/kBiIVTEcMGLd

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

28619bf1fdf007ac562555a3738d8013_JaffaCakes118.exe

Resource

win7-20240705-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

28619bf1fdf007ac562555a3738d8013_JaffaCakes118.exe

Resource

win10v2004-20240704-en

pony collection discovery rat spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://momus.com.tw:8080/pony/gate.php

Attributes

payload_url
http://www.dihal.com.br/aB64Vw6G/L6f.exe
http://rosariodanza.com/CpTXByXo/qGzt2gTT.exe
http://alicianovias.com.ar/Pw0g76UB/kjjEmJ.exe
http://ssquarehospitality.com/to04gp5h/ewR7.exe

Targets

- Target
  
  28619bf1fdf007ac562555a3738d8013_JaffaCakes118
- Size
  
  195KB
- MD5
  
  28619bf1fdf007ac562555a3738d8013
- SHA1
  
  6cc2893ff25e7ad58fecd764741754f8cddd3c3d
- SHA256
  
  2c607b8f55078858e067738e3a805d532539d54ff2094fef828f72a21656c564
- SHA512
  
  9415d0fe866dd1e218d640506c183f8a9d3c540c68c85617ebea21ccff6816601b42f10fc9186d9779c4deb71de153dbf1ad6e2c8c9f664db1de5a38ad90d9f4
- SSDEEP
  
  1536:Rr+YfJ2HLVMFXoCvLd5OcqzXTldKHgCM+LFH2/cTkBi7shGSdj1VrJpwjcMGaqEK:YYfMHoXDbqzqHxM+J/kBiIVTEcMGLd
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy