pony | dce31793f28e0e9ee4e9db4d878f74888d7d668928b93021aa5886b4d37721e3 | Triage

Sharing

General

Target

dce31793f28e0e9ee4e9db4d878f74888d7d668928b93021aa5886b4d37721e3
Size

474KB
Sample

221125-zxf4safa38
MD5

cccd886df8147f2d7fe2d110066495bd
SHA1

d1f4863acb5780466d2ff7a612dd4fe0e037a0eb
SHA256

dce31793f28e0e9ee4e9db4d878f74888d7d668928b93021aa5886b4d37721e3
SHA512

dac6837d4f8d7211a173f568f430829529c77cb351f1412f47b5c6748781d282daf2e73a6d9b384efc13d961a0c542b9f73925fd81f905687dab826a9187e687
SSDEEP

3072:YFfMwbfLTh7N5P8cPl1UHFbPdrLWg5nxipwmOxr+uD0GsLTvc:YVM8LVxl0b1rLWgtYbOVheLc

Score

10^/10

pony collection rat spyware stealer

Malware Config

Targets

- Target
  
  dce31793f28e0e9ee4e9db4d878f74888d7d668928b93021aa5886b4d37721e3
- Size
  
  474KB
- MD5
  
  cccd886df8147f2d7fe2d110066495bd
- SHA1
  
  d1f4863acb5780466d2ff7a612dd4fe0e037a0eb
- SHA256
  
  dce31793f28e0e9ee4e9db4d878f74888d7d668928b93021aa5886b4d37721e3
- SHA512
  
  dac6837d4f8d7211a173f568f430829529c77cb351f1412f47b5c6748781d282daf2e73a6d9b384efc13d961a0c542b9f73925fd81f905687dab826a9187e687
- SSDEEP
  
  3072:YFfMwbfLTh7N5P8cPl1UHFbPdrLWg5nxipwmOxr+uD0GsLTvc:YVM8LVxl0b1rLWgtYbOVheLc
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer