pony | 9e97d5c9d090ee150ae8a223d083aaf412f1a654e305ba61d752cb2a0f715551 | Triage

Sharing

General

Target

9e97d5c9d090ee150ae8a223d083aaf412f1a654e305ba61d752cb2a0f715551
Size

478KB
Sample

221126-k24y3sfg75
MD5

d0218c97bdb136abcb214c81fcad316c
SHA1

93a054c46ff0253c22abad6e449838f5422e6bff
SHA256

9e97d5c9d090ee150ae8a223d083aaf412f1a654e305ba61d752cb2a0f715551
SHA512

faa8a605e3b73e53d23a461edea137289bf4497329f9bbadd700f2b280927ac0df0329dc67186ccd05b7635bc3f29062ea6abaa751bb9918be963f9925564063
SSDEEP

6144:ZdSK04ETTZ+4TBpvjLCafVoe1qBJdeWR5cH7b6ZgA50mrjRY9XRv:ZoL4EnU4T/vjL6Jf5Q7G5trjy1Rv

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://weloveapple.org/cybercry/root/gate.php

Targets

- Target
  
  9e97d5c9d090ee150ae8a223d083aaf412f1a654e305ba61d752cb2a0f715551
- Size
  
  478KB
- MD5
  
  d0218c97bdb136abcb214c81fcad316c
- SHA1
  
  93a054c46ff0253c22abad6e449838f5422e6bff
- SHA256
  
  9e97d5c9d090ee150ae8a223d083aaf412f1a654e305ba61d752cb2a0f715551
- SHA512
  
  faa8a605e3b73e53d23a461edea137289bf4497329f9bbadd700f2b280927ac0df0329dc67186ccd05b7635bc3f29062ea6abaa751bb9918be963f9925564063
- SSDEEP
  
  6144:ZdSK04ETTZ+4TBpvjLCafVoe1qBJdeWR5cH7b6ZgA50mrjRY9XRv:ZoL4EnU4T/vjL6Jf5Q7G5trjy1Rv
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer