pony | 26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d | Triage

Submit
Reports

Overview

overview

Static

static

26f8be44ab...9d.exe

windows7-x64

26f8be44ab...9d.exe

windows10-2004-x64

Sharing

General

Target

26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d
Size

199KB
Sample

221125-3v96maah6s
MD5

047ba2678d39479a95cd9c7281abd773
SHA1

6a9313f6ca1e725eba3997fa51d7f4e019a2bc41
SHA256

26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d
SHA512

997e2dd68b12cf2a6b0d7e05def221a8e573809a54896fc69bffbc89a2334c368ee265a17996b763e64b1db972cccb783d9918a8520952b180d1e33d5e6ce126
SSDEEP

3072:RCJ11fpRe6j/b2aLPbpBqrVw1DilnRF2R:cJ11fpA6jbNbbpBq6Mn3O

Score

10^/10

pony collection rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d.exe

Resource

win7-20220812-en

pony collection rat spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d.exe

Resource

win10v2004-20220812-en

pony collection rat spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://westechi-inc.com/plain/mega/gate.php

Attributes

payload_url
http://westechi-inc.com/plain/mega/shit.exe

Targets

- Target
  
  26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d
- Size
  
  199KB
- MD5
  
  047ba2678d39479a95cd9c7281abd773
- SHA1
  
  6a9313f6ca1e725eba3997fa51d7f4e019a2bc41
- SHA256
  
  26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d
- SHA512
  
  997e2dd68b12cf2a6b0d7e05def221a8e573809a54896fc69bffbc89a2334c368ee265a17996b763e64b1db972cccb783d9918a8520952b180d1e33d5e6ce126
- SSDEEP
  
  3072:RCJ11fpRe6j/b2aLPbpBqrVw1DilnRF2R:cJ11fpA6jbNbbpBq6Mn3O
Score

10^/10

pony collection rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealerupx

behavioral2

ponycollectionratspywarestealerupx

© 2018-2024

Terms | Privacy