pony | 8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5 | Triage

Submit
Reports

Overview

overview

Static

static

8f4f3312f7...e5.exe

windows7-x64

8f4f3312f7...e5.exe

windows10-2004-x64

1

Sharing

General

Target

8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5
Size

240KB
Sample

221002-p4gc1shbfr
MD5

46778240d7973ea82ed8b8c22d8cef90
SHA1

ec048d9e41578d722baa09a6164a20e28943f616
SHA256

8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5
SHA512

2c6d2fd57810b592cb788fb0b94d44b51d48a18b69c6ed8b23005e9d4c60dd00c27be8de61cc12c7f3f523c81e68dd68855152b85ee5aa125c0f346168d4e722
SSDEEP

3072:0ZKx4AzGDCx7G2nnk2cNRzn2HwbL2zH30o9KSe27Nyw:0Z24YPVc7b9wRKSe25

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5.exe

Resource

win7-20220901-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5
- Size
  
  240KB
- MD5
  
  46778240d7973ea82ed8b8c22d8cef90
- SHA1
  
  ec048d9e41578d722baa09a6164a20e28943f616
- SHA256
  
  8f4f3312f7d538f8ea4e6d62e98b61a88a770a7e0043b6a6ca5ae010b56f17e5
- SHA512
  
  2c6d2fd57810b592cb788fb0b94d44b51d48a18b69c6ed8b23005e9d4c60dd00c27be8de61cc12c7f3f523c81e68dd68855152b85ee5aa125c0f346168d4e722
- SSDEEP
  
  3072:0ZKx4AzGDCx7G2nnk2cNRzn2HwbL2zH30o9KSe27Nyw:0Z24YPVc7b9wRKSe25
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy