pony | 61a99641dd17b8e5f90b9bcab31310fef29f044a0df028f1958de9b3e4e95afd | Triage

Sharing

General

Target

61a99641dd17b8e5f90b9bcab31310fef29f044a0df028f1958de9b3e4e95afd
Size

363KB
Sample

221004-cdzqfsgdbn
MD5

651e98248fb539e7433b3fa4a7cd5e60
SHA1

b6b5382e87b62ff4b0153d3b00ec800979319d6e
SHA256

61a99641dd17b8e5f90b9bcab31310fef29f044a0df028f1958de9b3e4e95afd
SHA512

576d5330590e4b55e3c7ad925ceb2996b799b8b2466b9ab2106cae4a8c1a1140caea75056f5dd4d76d847d2dbe48e36113cb8f72c7d2e45005197cc1c0419bc5
SSDEEP

3072:M+PELy5CJgYWvhB+TSF83aPsu7DbBIU5++hYmAEESBAyZ7vhW3XaHrJe0Zozup0b:LPnobS759Z7c6HDuyuqcrz4

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://rtdtx.net/lock/track/coral/gate.php

Targets

- Target
  
  61a99641dd17b8e5f90b9bcab31310fef29f044a0df028f1958de9b3e4e95afd
- Size
  
  363KB
- MD5
  
  651e98248fb539e7433b3fa4a7cd5e60
- SHA1
  
  b6b5382e87b62ff4b0153d3b00ec800979319d6e
- SHA256
  
  61a99641dd17b8e5f90b9bcab31310fef29f044a0df028f1958de9b3e4e95afd
- SHA512
  
  576d5330590e4b55e3c7ad925ceb2996b799b8b2466b9ab2106cae4a8c1a1140caea75056f5dd4d76d847d2dbe48e36113cb8f72c7d2e45005197cc1c0419bc5
- SSDEEP
  
  3072:M+PELy5CJgYWvhB+TSF83aPsu7DbBIU5++hYmAEESBAyZ7vhW3XaHrJe0Zozup0b:LPnobS759Z7c6HDuyuqcrz4
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer