pony | 82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc | Triage

Submit
Reports

Overview

overview

Static

static

82d499e317...fc.exe

windows7-x64

82d499e317...fc.exe

windows10-2004-x64

1

Sharing

General

Target

82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc
Size

180KB
Sample

221123-lvyn6afg5z
MD5

6803d29c48f1f6b5cc44287ad7bb9f0a
SHA1

8284880ad59991fb12bb2451979fca8763f4a81f
SHA256

82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc
SHA512

3c9270e38664e6b6aa709b39259107ac06232ad884b64af0326b832947f650f792e72768f106efaf6e0814a769523cba8af230e6d5d2c393e5aeae3c33b2a94f
SSDEEP

3072:GyLrbCNjinOCDtzeQftP2hb1X6Ly6DHGqqpC3owZ:5XbCNjiNJzewtP+Z6W6iOYI

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://golklopro.com/bitrix/modules.php

http://cosjesgame.su/bitrix/modules.php

Attributes

payload_url
http://carkickz.com/333.exe

http://cloud9surfphilippines.com/333.exe

http://centarsvijeta.com/333.exe

http://yourthainess.com/333.exe

http://se-vende-direct.com/333.exe

Targets

- Target
  
  82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc
- Size
  
  180KB
- MD5
  
  6803d29c48f1f6b5cc44287ad7bb9f0a
- SHA1
  
  8284880ad59991fb12bb2451979fca8763f4a81f
- SHA256
  
  82d499e31742ec1ca4e7ae1aa85b2e2f8a6f4a0ac41c354ba3741ae723c1d0fc
- SHA512
  
  3c9270e38664e6b6aa709b39259107ac06232ad884b64af0326b832947f650f792e72768f106efaf6e0814a769523cba8af230e6d5d2c393e5aeae3c33b2a94f
- SSDEEP
  
  3072:GyLrbCNjinOCDtzeQftP2hb1X6Ly6DHGqqpC3owZ:5XbCNjiNJzewtP+Z6W6iOYI
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy