pony | 7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf | Triage

Submit
Reports

Overview

overview

Static

static

7a53e785d7...cf.exe

windows7-x64

7a53e785d7...cf.exe

windows10-2004-x64

Sharing

General

Target

7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf
Size

158KB
Sample

221123-lvt1zafg5s
MD5

2274688e626c1653b21e8e8cbf94bcd6
SHA1

8b22facf29d6bc6b0b16503e2658b3dddcf1b2bf
SHA256

7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf
SHA512

0877c5a67e8302ded98b97d4e0251cb906fb8da5d117764d337831f5315fd7c11694d2bc42f711ad802cb85dc22df8c78ae78afc221d00b1ef03a8f3fb34dd5f
SSDEEP

3072:trY+IYJgGCt0Wuug4TUKM2B1r2JytJv6zJi:RVk0WdOuUJ8d0J

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf.exe

Resource

win7-20221111-en

pony collection discovery rat spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf.exe

Resource

win10v2004-20221111-en

pony collection discovery rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://golklopro.com/bitrix/modules.php

http://cosjesgame.su/bitrix/modules.php

http://elrincondelfriki.es/333

http://palitosdepan.com/333.cab

Attributes

payload_url
http://colegioceus.com.br/333.exe

Targets

- Target
  
  7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf
- Size
  
  158KB
- MD5
  
  2274688e626c1653b21e8e8cbf94bcd6
- SHA1
  
  8b22facf29d6bc6b0b16503e2658b3dddcf1b2bf
- SHA256
  
  7a53e785d74c2e5534fa44c90b3f5aca3a5e2594ff24ee2d66766a3102d4a7cf
- SHA512
  
  0877c5a67e8302ded98b97d4e0251cb906fb8da5d117764d337831f5315fd7c11694d2bc42f711ad802cb85dc22df8c78ae78afc221d00b1ef03a8f3fb34dd5f
- SSDEEP
  
  3072:trY+IYJgGCt0Wuug4TUKM2B1r2JytJv6zJi:RVk0WdOuUJ8d0J
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy