pony | 971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512 | Triage

Submit
Reports

Overview

overview

Static

static

971443aa3e...12.exe

windows7_x64

971443aa3e...12.exe

windows10-2004_x64

Sharing

General

Target

971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512.exe
Size

240KB
Sample

220521-yhzf5sgcbl
MD5

5a55e6c092cf553188e2f6d8beefe93f
SHA1

e273a97c430dff0097d37417c302f46fc6a85027
SHA256

971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512
SHA512

02ca726dcf1158777fb6398d2af1b2bba7a51d6e3378079bfa1ed631fe0bb28ff92e07ca566021493bcf800c5adb95dec44a9c550849f664aff20e640e6e869b

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512.exe

Resource

win7-20220414-en

pony collection discovery rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512.exe

Resource

win10v2004-20220414-en

pony collection discovery rat spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

pony

C2

http://azbex.com/sydney/panelnew/gate.php

Targets

- Target
  
  971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512.exe
- Size
  
  240KB
- MD5
  
  5a55e6c092cf553188e2f6d8beefe93f
- SHA1
  
  e273a97c430dff0097d37417c302f46fc6a85027
- SHA256
  
  971443aa3efcab7657935b3346d329d957612209f634bbda0203376dddf15512
- SHA512
  
  02ca726dcf1158777fb6398d2af1b2bba7a51d6e3378079bfa1ed631fe0bb28ff92e07ca566021493bcf800c5adb95dec44a9c550849f664aff20e640e6e869b
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy