pony | 964e7b311e933799477fd793aa4e7721af35fe5c494fd9d995a6a620b162e516 | Triage

Sharing

General

Target

order details.EXCEL.XLSx.xls.exe
Size

343KB
Sample

200707-wdgwfsdfae
MD5

1da38d8120af8bb60bc424739c1803fd
SHA1

3025d7f236bd898cdc0843bc1bf6e03c1fe84d46
SHA256

964e7b311e933799477fd793aa4e7721af35fe5c494fd9d995a6a620b162e516
SHA512

176c83941647410706f1871049940fe9e5a7b3f03e04ba20ed4bf3d01e601d79420f5d7c52d6cf8484f985a55550109559efa97152df82f462cd7477fa04cb04

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Targets

- Target
  
  order details.EXCEL.XLSx.xls.exe
- Size
  
  343KB
- MD5
  
  1da38d8120af8bb60bc424739c1803fd
- SHA1
  
  3025d7f236bd898cdc0843bc1bf6e03c1fe84d46
- SHA256
  
  964e7b311e933799477fd793aa4e7721af35fe5c494fd9d995a6a620b162e516
- SHA512
  
  176c83941647410706f1871049940fe9e5a7b3f03e04ba20ed4bf3d01e601d79420f5d7c52d6cf8484f985a55550109559efa97152df82f462cd7477fa04cb04
Score

10^/10

discovery rat spyware stealer pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryratspywarestealerpony

behavioral2

spywarediscoveryratstealerpony