pony | d34e77e4ce22e3ff14c6900e225e118c5cdec91f3fb178822ec1e45da912eb4e | Triage

Submit
Reports

Overview

overview

Static

static

INV TEKNOL...DF.exe

windows7_x64

INV TEKNOL...DF.exe

windows10-2004_x64

Sharing

General

Target

d34e77e4ce22e3ff14c6900e225e118c5cdec91f3fb178822ec1e45da912eb4e
Size

874KB
Sample

220521-psfbksfhf5
MD5

8cd6e520a7c1e654d28a8a1cc48055a8
SHA1

3ed3a058819a79474ece83a5407cd9c02eb411eb
SHA256

d34e77e4ce22e3ff14c6900e225e118c5cdec91f3fb178822ec1e45da912eb4e
SHA512

ad0b66c386b77f632c4afcc5014ace3e135aad08936cae32d19b3ed06ed45df53e082ea154520e0457d492dab4ea0ce262ed7c1a6b1066339db81d59373d67bc

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

INV TEKNOLAB PRIMA INDONESIA.PDF.exe

Resource

win7-20220414-en

pony collection discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV TEKNOLAB PRIMA INDONESIA.PDF.exe

Resource

win10v2004-20220414-en

pony collection discovery rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

pony

C2

http://smkrantimula.sch.id/cb/panelnew/gate.php

Targets

- Target
  
  INV TEKNOLAB PRIMA INDONESIA.PDF.exe
- Size
  
  1.0MB
- MD5
  
  2c0b595f698ff18c0dff18e6b14138b6
- SHA1
  
  9223cb9379e70d958254d2f9df253b402c2e9e37
- SHA256
  
  746b1025505ebb847d4f7f27ded324b512834d470c63950186aa25912fdd1dfb
- SHA512
  
  79d2fb0ddb7536763a2c35d7be953f00b1dd24d9453e4554024235339a0ec38ccb9ee96717f1c3067588b26244d63048242ec12d5fe479905cbca0c521a16ed7
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy