pony | 3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006 | Triage

Submit
Reports

Overview

overview

Static

static

3d53b54d98...06.doc

windows7-x64

3d53b54d98...06.doc

windows10-2004-x64

1

Sharing

General

Target

3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006
Size

367KB
Sample

221123-mp8gvaef84
MD5

7ad977e490ead6a113d88aa8091d3dfd
SHA1

f5f3c7a449bc658dee88153fbc6cf21061eaa1df
SHA256

3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006
SHA512

84de4a09c3533f94bf76bbaaf47ee67f5b1da809a40140d570ff7000f912e2f6217dc55f1c42895870c26682c7c4ca52803b5fc802fb039755563d3d20377b5c
SSDEEP

6144:CEnfyZlEDVXmnIW2iDKPbIz7yStMvWqDJv7yC3dLPm+UidwOydGWm0CFJ:CEnfyAonINPbwCHDNeCk+UiWOyZwJ

Score

10^/10

pony discovery rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006.doc

Resource

win7-20221111-en

pony discovery rat spyware stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006.doc

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://krossfight.eu/trustmebaby/gate.php

Attributes

payload_url
http://www.conteudosdigitais.org/calc.exe

http://autohaus-gutmann.de/calc.exe

http://firstdive.co.kr/calc.exe

Targets

- Target
  
  3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006
- Size
  
  367KB
- MD5
  
  7ad977e490ead6a113d88aa8091d3dfd
- SHA1
  
  f5f3c7a449bc658dee88153fbc6cf21061eaa1df
- SHA256
  
  3d53b54d98e14f9de2a2316fe09ee6b9fe27f2dacdd4ad85f52dd1e16eebb006
- SHA512
  
  84de4a09c3533f94bf76bbaaf47ee67f5b1da809a40140d570ff7000f912e2f6217dc55f1c42895870c26682c7c4ca52803b5fc802fb039755563d3d20377b5c
- SSDEEP
  
  6144:CEnfyZlEDVXmnIW2iDKPbIz7yStMvWqDJv7yC3dLPm+UidwOydGWm0CFJ:CEnfyAonINPbwCHDNeCk+UiWOyZwJ
Score

10^/10

pony discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy