pony | 8f69bafe363767592de67f48c47ea4441eccc8cff265fad9d1f2f513ff051d15

General

Target

8f69bafe363767592de67f48c47ea4441eccc8cff265fad9d1f2f513ff051d15
Size

114KB
Sample

221001-2epdjsbddl
MD5

7496660fce886f9597184d1d1a4e6533
SHA1

f15a375c2259a45a9ca8b6315985b48e50a116dc
SHA256

8f69bafe363767592de67f48c47ea4441eccc8cff265fad9d1f2f513ff051d15
SHA512

91517476ce5b3d79b4609815187fec99017e8eb1fb2485321eba7fd3d4d90f36a3e0bf9bbc79af7afd2302133387ae991919814e568a98c61d60c99c590aa0ee
SSDEEP

3072:dbIuIOiogpYYURe3f1MMqumss8Ay/tnb7RB2R7ayOMreztr:dbIuIsgpmRD/ssABL2FayOMCzt

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://199.168.184.198:81/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://maine-munchies.com/forum/viewtopic.php

http://thecaviarofmaine.com/forum/viewtopic.php

Attributes

payload_url
http://www.sabrinahotel.it/bZ3f.exe

http://summithill.kaaswilson.com/Nb2Yyi.exe

http://ftp.highimpact-signs.com/t2E.exe

http://classicallyabsurdphotography.com/ySL74.exe

Targets

- Target
  
  8f69bafe363767592de67f48c47ea4441eccc8cff265fad9d1f2f513ff051d15
- Size
  
  114KB
- MD5
  
  7496660fce886f9597184d1d1a4e6533
- SHA1
  
  f15a375c2259a45a9ca8b6315985b48e50a116dc
- SHA256
  
  8f69bafe363767592de67f48c47ea4441eccc8cff265fad9d1f2f513ff051d15
- SHA512
  
  91517476ce5b3d79b4609815187fec99017e8eb1fb2485321eba7fd3d4d90f36a3e0bf9bbc79af7afd2302133387ae991919814e568a98c61d60c99c590aa0ee
- SSDEEP
  
  3072:dbIuIOiogpYYURe3f1MMqumss8Ay/tnb7RB2R7ayOMreztr:dbIuIsgpmRD/ssABL2FayOMCzt
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2