pony | 6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4 | Triage

Submit
Reports

Overview

overview

Static

static

POL.exe

windows7_x64

POL.exe

windows10-2004_x64

Sharing

General

Target

6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4
Size

475KB
Sample

220521-m443zadae3
MD5

3fe593734899896c94cf67b46e032726
SHA1

858329090fdcd77b0b3091d8f5fbde54ceece506
SHA256

6f12bec8db3eafacfbdb137ad105da540dc3f33d82e58db54f0b87623d0935d4
SHA512

cf6ae74e8a8bdf71afa0901dbc556b51d0f40fe2960af8f78f73fe02bc756267cf061b29724c6359323f7e9449e8432f26a1a0a0c120c30964a6058feb779102

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

POL.exe

Resource

win7-20220414-en

pony collection discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

POL.exe

Resource

win10v2004-20220414-en

pony collection discovery rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  POL.exe
- Size
  
  873KB
- MD5
  
  68a170452e42bcc18b6e91812a08cfc9
- SHA1
  
  7b710b3d50f45e1f522341713fa24170454d9f48
- SHA256
  
  fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27
- SHA512
  
  280a492aa64912b9329902c22ec4535375673860519db8c65fae2c1fc6e49fed3005d3a20ed01d5e5661c71a32be5de610d97711e8649dd3b3ef1937e2b17b99
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy