pony | 36ee7210598b9e9ceb184fc6bc29662a14f4e66e6f2f5139e677cf0147aed3de | Triage

Submit
Reports

Overview

overview

Static

static

LOKI.exe

windows7_x64

LOKI.exe

windows10-2004_x64

Sharing

General

Target

36ee7210598b9e9ceb184fc6bc29662a14f4e66e6f2f5139e677cf0147aed3de
Size

476KB
Sample

220521-m5awhsgbdp
MD5

97cd34562c25017ac5170de660ecbfe0
SHA1

aa5ee10c7b34ff015d6e598e247eb1232cd16409
SHA256

36ee7210598b9e9ceb184fc6bc29662a14f4e66e6f2f5139e677cf0147aed3de
SHA512

0dc9ec1c5efdbcb085c5af671407f9adbd23c11e32c44b1015157a0591e2f00b5dc49d8fbee4ff9d8a2fdf4114a75348011565cb85919ae66c1dcc9412712616

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

LOKI.exe

Resource

win7-20220414-en

pony collection discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

LOKI.exe

Resource

win10v2004-20220414-en

pony collection discovery rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  LOKI.exe
- Size
  
  873KB
- MD5
  
  030cb125ba97deb600d8a1137087754b
- SHA1
  
  e7a01f6c3b05d4b54f818f32aa043994105ee20e
- SHA256
  
  80b9257f924aef8ac5a1a724234ddcd6b67bee79819202bb7b5d4586b35164c7
- SHA512
  
  9efdf3dcf2051105c579aee44270bff95ed6808c101e831e2257cea669692d29fc1abd988e2221c0a00cacd1d24a7b4c2a84a372eb5b7608d2edf68db9ff9684
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy