pony | 1c8364adfa80ba53c4eba17d1af721858d6b8c230bb511fda09dec1c6b8384e3 | Triage

Submit
Reports

Overview

overview

Static

static

TOY.exe

windows7_x64

TOY.exe

windows10-2004_x64

Sharing

General

Target

1c8364adfa80ba53c4eba17d1af721858d6b8c230bb511fda09dec1c6b8384e3
Size

372KB
Sample

220521-n3yp8shfgq
MD5

8c5177d7cee48ab7864e699d99e329b6
SHA1

b5fbb003f8a41ba5ad37a7734acd133ddc32bf10
SHA256

1c8364adfa80ba53c4eba17d1af721858d6b8c230bb511fda09dec1c6b8384e3
SHA512

3a828a435613a658ef67fb612d56b1fb5bc044f2818f3e641ac6c667159395fac2ecbc2b0a76fd96bae69e35a6d3d953f477675b9a89ead7f8492439932c33dc

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

TOY.exe

Resource

win7-20220414-en

pony collection discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TOY.exe

Resource

win10v2004-20220414-en

pony collection discovery rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TOY.exe
- Size
  
  656KB
- MD5
  
  17ad204779010648c0ff58bed23f6201
- SHA1
  
  23d9e1a55a0e59c14f3a8fd97f97e1b014b2aec8
- SHA256
  
  23e3757121ff1a0c053d2dc66651ad8e2152373724a8091c56a7fae203401cab
- SHA512
  
  d97c4c1e5687fc5a28682ad78b3bea4df6e53c638acb07672550894d900164d8f90f440c6458d0312aeafe455853819861b69a2bedc00bd32e53b3dde0e8ddee
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy