pony | 0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa | Triage

Sharing

General

Target

0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa.exe
Size

203KB
Sample

220521-yhzrxadae2
MD5

2b7214d5daad8b850451b3b9f18aec65
SHA1

b77414da73fe96f7c899c4d1cf39e71803083d06
SHA256

0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa
SHA512

50a67c167078137d7b5a2ca04771cd095ed36f4eef70e62435a3aa02bcac3dee39a86c3f28e2087c1dcbd37d1553896d52d4668701b7c569bd65d942c287be66

Score

10^/10

pony collection evasion rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://abcmedicalcenter.ro/masivcas/gate.php

Targets

- Target
  
  0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa.exe
- Size
  
  203KB
- MD5
  
  2b7214d5daad8b850451b3b9f18aec65
- SHA1
  
  b77414da73fe96f7c899c4d1cf39e71803083d06
- SHA256
  
  0dfff5bbf6b08a68798117e7f9126d0fd9715dc6cd2b40a4e027d54f911ad0aa
- SHA512
  
  50a67c167078137d7b5a2ca04771cd095ed36f4eef70e62435a3aa02bcac3dee39a86c3f28e2087c1dcbd37d1553896d52d4668701b7c569bd65d942c287be66
Score

10^/10

pony collection evasion rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Looks for VirtualBox Guest Additions in registry
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Email Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionevasionratspywarestealer

behavioral2

ponycollectionevasionratspywarestealer