pony | b24205394b92b61e4058e30a94528aa34cf37b3d930c3197d91f33f8fd173cf4 | Triage

Submit
Reports

Overview

overview

Static

static

Rincian Pe...df.exe

windows7_x64

Rincian Pe...df.exe

windows10_x64

Sharing

General

Target

Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe
Size

505KB
Sample

201109-8d4fg4l3tj
MD5

b95219bcaa42d45a467dddb752dde333
SHA1

9234b6b4b4c2bf0ab2a8737f94e7a989f9083bce
SHA256

b24205394b92b61e4058e30a94528aa34cf37b3d930c3197d91f33f8fd173cf4
SHA512

607f20b5563e49c770b99eb6003e299b2e00f7e9ab8dfb04bb25a44f47a78b4e202017a3a248eef56fd27b4c6745183f89f561a97c21122be6ad528d034a837c

Score

10^/10

pony discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe

Resource

win7v20201028

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe

Resource

win10v20201028

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe
- Size
  
  505KB
- MD5
  
  b95219bcaa42d45a467dddb752dde333
- SHA1
  
  9234b6b4b4c2bf0ab2a8737f94e7a989f9083bce
- SHA256
  
  b24205394b92b61e4058e30a94528aa34cf37b3d930c3197d91f33f8fd173cf4
- SHA512
  
  607f20b5563e49c770b99eb6003e299b2e00f7e9ab8dfb04bb25a44f47a78b4e202017a3a248eef56fd27b4c6745183f89f561a97c21122be6ad528d034a837c
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer

© 2018-2024

Terms | Privacy