pony | b391feb9708831ef6b6297c48b9eea031d0c7ac12ea6dc3c8d34d65715c73faa

General

Target

b391feb9708831ef6b6297c48b9eea031d0c7ac12ea6dc3c8d34d65715c73faa
Size

199KB
Sample

221125-v3ka6sce92
MD5

47acd8fcc1e7e21423c6d70eb8c9e937
SHA1

e7e445626ed23ab9cc585788d3e2a7dcd2f29782
SHA256

b391feb9708831ef6b6297c48b9eea031d0c7ac12ea6dc3c8d34d65715c73faa
SHA512

9b0ad070e87a1b929827e2bb44b66df03c910b5a8c9097bb41c4f979c08893541c54fdc0c631dea3fab2ed4616253e7b4f259e911730c13bbff5c3549ec163e3
SSDEEP

6144:9iF/kdrlEiy76zSuGEu6JcEXfBvTCw9FsEpkKBFaMwdg:9iF/ujF2EXWEZLCSDR3a5

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://havelisangeet.org/images/48repaewoe.php

Targets

- Target
  
  b391feb9708831ef6b6297c48b9eea031d0c7ac12ea6dc3c8d34d65715c73faa
- Size
  
  199KB
- MD5
  
  47acd8fcc1e7e21423c6d70eb8c9e937
- SHA1
  
  e7e445626ed23ab9cc585788d3e2a7dcd2f29782
- SHA256
  
  b391feb9708831ef6b6297c48b9eea031d0c7ac12ea6dc3c8d34d65715c73faa
- SHA512
  
  9b0ad070e87a1b929827e2bb44b66df03c910b5a8c9097bb41c4f979c08893541c54fdc0c631dea3fab2ed4616253e7b4f259e911730c13bbff5c3549ec163e3
- SSDEEP
  
  6144:9iF/kdrlEiy76zSuGEu6JcEXfBvTCw9FsEpkKBFaMwdg:9iF/ujF2EXWEZLCSDR3a5
Score

10^/10

pony collection persistence rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

2

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

UPX packed file

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2