pony | e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637 | Triage

Submit
Reports

Overview

overview

Static

static

e89ac7128c...37.exe

windows7_x64

e89ac7128c...37.exe

windows10_x64

Sharing

General

Target

e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
Size

307KB
Sample

210617-8tz5glqr9e
MD5

9634a80228a6d385b70c74db6f22118e
SHA1

9efdd367643baa158e5d51ca26553313bc6dcd27
SHA256

e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637
SHA512

ff30e23851da20b2e410db540a975c667beea73320e9465cf29c3ba2726eabe0d3a6aa6ff07e5388f44741eebee5dea2e6ee9fc81055c6c332ed7619b45499ba

Score

10^/10

pony discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe

Resource

win7v20210408

pony discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe

Resource

win10v20210410

pony discovery rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

pony

C2

http://212.192.241.203/sor/gate.php

Attributes

payload_url
http://212.192.241.203/sor/shit.exe

Targets

- Target
  
  e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637.exe
- Size
  
  307KB
- MD5
  
  9634a80228a6d385b70c74db6f22118e
- SHA1
  
  9efdd367643baa158e5d51ca26553313bc6dcd27
- SHA256
  
  e89ac7128c7460388550f814595e09ab596db0f6f6c0588eb6efdac0e3302637
- SHA512
  
  ff30e23851da20b2e410db540a975c667beea73320e9465cf29c3ba2726eabe0d3a6aa6ff07e5388f44741eebee5dea2e6ee9fc81055c6c332ed7619b45499ba
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer

© 2018-2024

Terms | Privacy