pony | d06be7bd36b4cdd6ac12e3c7fb675515cd33ae9ea75a26e7dc7fc3a7db14caff | Triage

Sharing

General

Target

Oplata ponedel'nik.exe
Size

1.1MB
Sample

200713-5tplt3bf4a
MD5

9a4c7ae4bcaa653ffd966d17785ed92d
SHA1

610343dbeb9e63ddd7fa2cfb765c8dda3c37c150
SHA256

d06be7bd36b4cdd6ac12e3c7fb675515cd33ae9ea75a26e7dc7fc3a7db14caff
SHA512

e6da37f1da3c075f0d435592eb69ef9cbfeb94f96f450b1a560fc7f9e7b6a5b903fdefa4fd2a749dfa0e3c5d0eac2777428e7dc92af0543cbc6ea55d3bf5d51f

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Targets

- Target
  
  Oplata ponedel'nik.exe
- Size
  
  1.1MB
- MD5
  
  9a4c7ae4bcaa653ffd966d17785ed92d
- SHA1
  
  610343dbeb9e63ddd7fa2cfb765c8dda3c37c150
- SHA256
  
  d06be7bd36b4cdd6ac12e3c7fb675515cd33ae9ea75a26e7dc7fc3a7db14caff
- SHA512
  
  e6da37f1da3c075f0d435592eb69ef9cbfeb94f96f450b1a560fc7f9e7b6a5b903fdefa4fd2a749dfa0e3c5d0eac2777428e7dc92af0543cbc6ea55d3bf5d51f
Score

10^/10

spyware discovery rat stealer pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency wallets, possible credential harvesting
  spyware
- Checks for installed software on the system
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarediscoveryratstealerpony

behavioral2

spywarediscoveryratstealerpony