pony | 64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1

General

Target

64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
Size

137KB
Sample

221125-zqeblshc9z
MD5

c00cf9aee6404ec47fdd7e6e9eee820d
SHA1

6b130e69f56e5bb95129597ec094d9fd022920f8
SHA256

64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
SHA512

858e406bf2933c09010476db4e3655bc4b254c8f53ff1fc027c60486e5e9729a8a2ddfad0a730fb0ebbe3e3f9306c4e3dc18d33df2667a675e6c020becfb7be1
SSDEEP

3072:I8Dsp+FNX1dFOvDlXJuZwVhRAeMtzCQs8xESUltSkWeM9uoUAHanE:I8dNXSEZahRwJqsZhMoU6aE

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://34324325kgkgfkgf.com/dffgbDFGvf465/YYf.php

http://dsffdsk323721372131.com/dffgbDFGvf465/YYf.php

http://fdshjfsh324332432.com/dffgbDFGvf465/YYf.php

http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php

Targets

- Target
  
  64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
- Size
  
  137KB
- MD5
  
  c00cf9aee6404ec47fdd7e6e9eee820d
- SHA1
  
  6b130e69f56e5bb95129597ec094d9fd022920f8
- SHA256
  
  64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
- SHA512
  
  858e406bf2933c09010476db4e3655bc4b254c8f53ff1fc027c60486e5e9729a8a2ddfad0a730fb0ebbe3e3f9306c4e3dc18d33df2667a675e6c020becfb7be1
- SSDEEP
  
  3072:I8Dsp+FNX1dFOvDlXJuZwVhRAeMtzCQs8xESUltSkWeM9uoUAHanE:I8dNXSEZahRwJqsZhMoU6aE
Score

10^/10

pony collection discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2