pony | aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4 | Triage

Submit
Reports

Overview

overview

Static

static

aafba90669...a4.exe

windows7-x64

aafba90669...a4.exe

windows10-2004-x64

Sharing

General

Target

aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4
Size

246KB
Sample

221124-zr1agahf27
MD5

4b83baee79dd31e770e5eb406063be83
SHA1

71344f612f7322a2284a750cbfe06c90b3e93d19
SHA256

aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4
SHA512

7d96ddb2936b40f5e20a4d064c6e0a561406c15f8323281814c41a552b10dbe0f5268420677d5285ce06df52e25b72b7d6b23b51cae4bd96d339f17417a6d075
SSDEEP

3072:u8uFb75u9PYM2eo9jOPaptz/2RnaUtyW/8n0L6gP52Lb+TojAI:D8PE9PCcPafzuRaRmz6eroL

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4.exe

Resource

win7-20221111-en

pony collection discovery rat spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://174.143.147.168:8080/videoRama/googlestat.php

http://199.255.116.12:8080/videoRama/googlestat.php

http://173.237.187.203:8080/videoRama/googlestat.php

Targets

- Target
  
  aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4
- Size
  
  246KB
- MD5
  
  4b83baee79dd31e770e5eb406063be83
- SHA1
  
  71344f612f7322a2284a750cbfe06c90b3e93d19
- SHA256
  
  aafba906695868b3bcaec773f53203ddfef3574b85c70885d9acc6884c457ca4
- SHA512
  
  7d96ddb2936b40f5e20a4d064c6e0a561406c15f8323281814c41a552b10dbe0f5268420677d5285ce06df52e25b72b7d6b23b51cae4bd96d339f17417a6d075
- SSDEEP
  
  3072:u8uFb75u9PYM2eo9jOPaptz/2RnaUtyW/8n0L6gP52Lb+TojAI:D8PE9PCcPafzuRaRmz6eroL
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy