pony | 560436f9411371c35982a229de866c64b903a2237245dfc35cee76b13cbad70f

General

Target

560436f9411371c35982a229de866c64b903a2237245dfc35cee76b13cbad70f
Size

97KB
Sample

221125-z42n3aff47
MD5

934e2cd36e68c618c46c7fcf2bf63216
SHA1

176729c08ca94d96cca371d5e840b5aeeade5aab
SHA256

560436f9411371c35982a229de866c64b903a2237245dfc35cee76b13cbad70f
SHA512

b1c6f5697ee3b89b044362eb09700166b761ccba561229773a1b05c9b39e507fa3d23395dd004c3188566e087f344a2936a90c8432984246f0aba03cf03b99f7
SSDEEP

1536:x384STFEbqTD6zQglcQWJs4WgejGf7AIdwypy9O3XTvvxkzbkfql/uuqhA:2LBEXsgqQUTxVTIO3emql/uuqh

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://www.reapcookware.com/Networking/servers/shared_ip/gate.php

Targets

- Target
  
  560436f9411371c35982a229de866c64b903a2237245dfc35cee76b13cbad70f
- Size
  
  97KB
- MD5
  
  934e2cd36e68c618c46c7fcf2bf63216
- SHA1
  
  176729c08ca94d96cca371d5e840b5aeeade5aab
- SHA256
  
  560436f9411371c35982a229de866c64b903a2237245dfc35cee76b13cbad70f
- SHA512
  
  b1c6f5697ee3b89b044362eb09700166b761ccba561229773a1b05c9b39e507fa3d23395dd004c3188566e087f344a2936a90c8432984246f0aba03cf03b99f7
- SSDEEP
  
  1536:x384STFEbqTD6zQglcQWJs4WgejGf7AIdwypy9O3XTvvxkzbkfql/uuqhA:2LBEXsgqQUTxVTIO3emql/uuqh
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2