pony | 7bdbdd2a6bd8d1a96913b88eb7de3185fad06538d1f632160bbb17d3e21ff0d9 | Triage

Submit
Reports

Overview

overview

Static

static

PO20150206H.exe

windows7-x64

PO20150206H.exe

windows10-2004-x64

Sharing

General

Target

7bdbdd2a6bd8d1a96913b88eb7de3185fad06538d1f632160bbb17d3e21ff0d9
Size

87KB
Sample

221125-3wbdpaah6w
MD5

805d4d75510ad46afff2d700e201b7ae
SHA1

1d1932c880ebe3bc288bd089c2183d40cc2320a0
SHA256

7bdbdd2a6bd8d1a96913b88eb7de3185fad06538d1f632160bbb17d3e21ff0d9
SHA512

212a0c94a3d7f004f401656bdbbb6f326efca3e70c095c151a91e921616c3c3a7650833882bd1d0a05171dd317e0abf88054accda9b1d455d61c97d9796dccbf
SSDEEP

1536:NAqQcEDng+g9cyVanHKWsJFvE8oOGlHpcWuPVtitsmlSa+aUyOeJ161guCMxKhjH:NEDg+g9cyUHtOFM9OGlpcWurY113uOMG

Score

10^/10

pony collection rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

PO20150206H.exe

Resource

win7-20220901-en

pony collection rat spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO20150206H.exe

Resource

win10v2004-20220812-en

pony collection rat spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://westechi-inc.com/plain/mega/gate.php

Attributes

payload_url
http://westechi-inc.com/plain/mega/shit.exe

Targets

- Target
  
  PO20150206H.exe
- Size
  
  199KB
- MD5
  
  047ba2678d39479a95cd9c7281abd773
- SHA1
  
  6a9313f6ca1e725eba3997fa51d7f4e019a2bc41
- SHA256
  
  26f8be44ab2f01909be3e34cb66983c39e3be73591cce6bbdbf6d948c6786e9d
- SHA512
  
  997e2dd68b12cf2a6b0d7e05def221a8e573809a54896fc69bffbc89a2334c368ee265a17996b763e64b1db972cccb783d9918a8520952b180d1e33d5e6ce126
- SSDEEP
  
  3072:RCJ11fpRe6j/b2aLPbpBqrVw1DilnRF2R:cJ11fpA6jbNbbpBq6Mn3O
Score

10^/10

pony collection rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealerupx

behavioral2

ponycollectionratspywarestealerupx

© 2018-2024

Terms | Privacy