pony | 56a096c383b5bf0b39dc72a8816488c6ca7679e80946d3b202a6b0f8a4999604 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56a096c383b5bf0b39dc72a8816488c6ca7679e80946d3b202a6b0f8a4999604
Size

147KB
Sample

220919-stq19aefg7
MD5

02f6692c4eb4e01fe84c8bf5465828c2
SHA1

b0fd2af603cac113027a677c57cb55f99b1a2f2e
SHA256

56a096c383b5bf0b39dc72a8816488c6ca7679e80946d3b202a6b0f8a4999604
SHA512

19a700a02d151e0eacfe5c1fa4ee22f88b63342aaff65e6a41437788ca79c737c28420e419e4e2a33f6b2247f6996eca7fd9f9ebed1ddca64ffd1b68818bd676
SSDEEP

3072:RiJk+HsNqabq/cN2o9xoWfRi/i/W2Tv/3RMbkRkeQnw:n+szbq/Xo9CW5cSv/3RwkGeUw

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Targets

- Target
  
  56a096c383b5bf0b39dc72a8816488c6ca7679e80946d3b202a6b0f8a4999604
- Size
  
  147KB
- MD5
  
  02f6692c4eb4e01fe84c8bf5465828c2
- SHA1
  
  b0fd2af603cac113027a677c57cb55f99b1a2f2e
- SHA256
  
  56a096c383b5bf0b39dc72a8816488c6ca7679e80946d3b202a6b0f8a4999604
- SHA512
  
  19a700a02d151e0eacfe5c1fa4ee22f88b63342aaff65e6a41437788ca79c737c28420e419e4e2a33f6b2247f6996eca7fd9f9ebed1ddca64ffd1b68818bd676
- SSDEEP
  
  3072:RiJk+HsNqabq/cN2o9xoWfRi/i/W2Tv/3RMbkRkeQnw:n+szbq/Xo9CW5cSv/3RwkGeUw
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer