pony | 9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18 | Triage

Submit
Reports

Overview

overview

Static

static

9acb2a07e7...18.exe

windows7-x64

9acb2a07e7...18.exe

windows10-2004-x64

Sharing

General

Target

9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18
Size

597KB
Sample

221126-jkfdqacg56
MD5

a21dca2f92809ab908e991053b9809f6
SHA1

ade6207b8f0fe25617beb088ef0a7fefedb219ff
SHA256

9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18
SHA512

5830d09a4cefdf6451da816e8ba1676613b41920bb6588b40e909c92ae8ff8cc355bd103ad4b6d32ee4b4d6ee9b3c9d606990927c32a686378456b3b16c09b93
SSDEEP

12288:ko0ZjcnNr3SC4Ybgob0vSZcVm/IMnfiNAKrMFnN6UaIg:kPZjcnxn4eIvFMIQ6PrMFnu

Score

10^/10

pony collection discovery rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18.exe

Resource

win7-20221111-en

pony collection discovery rat spyware stealer upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18.exe

Resource

win10v2004-20221111-en

pony collection discovery rat spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://orangeisabitch.net16.net/gate.php

Targets

- Target
  
  9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18
- Size
  
  597KB
- MD5
  
  a21dca2f92809ab908e991053b9809f6
- SHA1
  
  ade6207b8f0fe25617beb088ef0a7fefedb219ff
- SHA256
  
  9acb2a07e767c13806b1e29b793bcff0e4d740721d0e262601baad86d8124e18
- SHA512
  
  5830d09a4cefdf6451da816e8ba1676613b41920bb6588b40e909c92ae8ff8cc355bd103ad4b6d32ee4b4d6ee9b3c9d606990927c32a686378456b3b16c09b93
- SSDEEP
  
  12288:ko0ZjcnNr3SC4Ybgob0vSZcVm/IMnfiNAKrMFnN6UaIg:kPZjcnxn4eIvFMIQ6PrMFnu
Score

10^/10

pony collection discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealerupx

behavioral2

ponycollectiondiscoveryratspywarestealerupx

© 2018-2024

Terms | Privacy