pony | 5a6f7943666794dfd60c935da5580b5d78febc6e9dcf65360fb68d875a669afd

General

Target

5a6f7943666794dfd60c935da5580b5d78febc6e9dcf65360fb68d875a669afd
Size

359KB
Sample

221126-aebznsbf6t
MD5

54af7419ce9c75ae785439813891c953
SHA1

2c270f1f411028b559d53e1c07e7d63d47434e00
SHA256

5a6f7943666794dfd60c935da5580b5d78febc6e9dcf65360fb68d875a669afd
SHA512

32e0dae96d38f1fd297793fa3c8cec23ae399068eeb976b686f2ccc91c810db5d5dd87ade917ab662e5a786bb90c7742babb5e4e5cae2ad09009ee3042193ba9
SSDEEP

6144:haULim0ZUo8lX3LBFJ4XwgejB0RHZNTkFlY8jlX3LBFJ4XwgejB0RHZNTkFlY8L:hrem0ZUPX7nJ4XwRN0RHZNTkFW85X7nz

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://91.220.163.32/p/gate.php

Targets

- Target
  
  5a6f7943666794dfd60c935da5580b5d78febc6e9dcf65360fb68d875a669afd
- Size
  
  359KB
- MD5
  
  54af7419ce9c75ae785439813891c953
- SHA1
  
  2c270f1f411028b559d53e1c07e7d63d47434e00
- SHA256
  
  5a6f7943666794dfd60c935da5580b5d78febc6e9dcf65360fb68d875a669afd
- SHA512
  
  32e0dae96d38f1fd297793fa3c8cec23ae399068eeb976b686f2ccc91c810db5d5dd87ade917ab662e5a786bb90c7742babb5e4e5cae2ad09009ee3042193ba9
- SSDEEP
  
  6144:haULim0ZUo8lX3LBFJ4XwgejB0RHZNTkFlY8jlX3LBFJ4XwgejB0RHZNTkFlY8L:hrem0ZUPX7nJ4XwRN0RHZNTkFW85X7nz
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2