pony | 401c0c254f1308bdc90c47a77e1e5103ee9b3ee3988cbf06ae3dd632bba888d7 | Triage

Sharing

General

Target

401c0c254f1308bdc90c47a77e1e5103ee9b3ee3988cbf06ae3dd632bba888d7
Size

704KB
Sample

221001-3v251sdgem
MD5

6f3844c8bee4e99d6928052c8ae54107
SHA1

6268fe253aa32c48bb2820ab528abdb4358614e7
SHA256

401c0c254f1308bdc90c47a77e1e5103ee9b3ee3988cbf06ae3dd632bba888d7
SHA512

d45856d6e05fbc73fe2dd3b96afaaa3d7123f3e7f27f0d9ccf4ad2f89954c9c831556eba4bdaf6aa52fe2562461fd8556cf25f150cd825ffc29ed323cebb9bf3
SSDEEP

3072:CnE6JJ4NJtL4yJlWbTLKu5FDksiFsqoigBYh7WWWWWWWCnkPIjw1Ag/:tOID7amAfyQihhWWWWWWWCJb

Score

10^/10

pony collection discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://www.cordilleraescalera.com/images/2.gif/gate.php

Targets

- Target
  
  401c0c254f1308bdc90c47a77e1e5103ee9b3ee3988cbf06ae3dd632bba888d7
- Size
  
  704KB
- MD5
  
  6f3844c8bee4e99d6928052c8ae54107
- SHA1
  
  6268fe253aa32c48bb2820ab528abdb4358614e7
- SHA256
  
  401c0c254f1308bdc90c47a77e1e5103ee9b3ee3988cbf06ae3dd632bba888d7
- SHA512
  
  d45856d6e05fbc73fe2dd3b96afaaa3d7123f3e7f27f0d9ccf4ad2f89954c9c831556eba4bdaf6aa52fe2562461fd8556cf25f150cd825ffc29ed323cebb9bf3
- SSDEEP
  
  3072:CnE6JJ4NJtL4yJlWbTLKu5FDksiFsqoigBYh7WWWWWWWCnkPIjw1Ag/:tOID7amAfyQihhWWWWWWWCJb
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2