pony | eb26ef3e65443f120c41220f7ab8ecba7fa5513c7c130f4e21f6c81686d79cf0

General

Target

eb26ef3e65443f120c41220f7ab8ecba7fa5513c7c130f4e21f6c81686d79cf0
Size

56KB
Sample

221126-k3gj6sfg85
MD5

519e624d234dc9502c96c703398aa0d7
SHA1

98c3c585d316db0bd931c4d3e5eaa7d34f24ae6d
SHA256

eb26ef3e65443f120c41220f7ab8ecba7fa5513c7c130f4e21f6c81686d79cf0
SHA512

7464a9228314e1682a959508864f9b3c158b831b3601ecad6c20cb227d841f0bd3b9e570f30ed1f2c48390ab3ca756690a5b42a348a7302dcf73bfedb84482c2
SSDEEP

1536:WMUwfbnamXyBNmGKrWoWJtMnouy8EIP9WvnrVv:W8amCmGKiHtMoutEM8rV

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://www.skshospitality.in/authentication/panel/gate.php

Targets

- Target
  
  eb26ef3e65443f120c41220f7ab8ecba7fa5513c7c130f4e21f6c81686d79cf0
- Size
  
  56KB
- MD5
  
  519e624d234dc9502c96c703398aa0d7
- SHA1
  
  98c3c585d316db0bd931c4d3e5eaa7d34f24ae6d
- SHA256
  
  eb26ef3e65443f120c41220f7ab8ecba7fa5513c7c130f4e21f6c81686d79cf0
- SHA512
  
  7464a9228314e1682a959508864f9b3c158b831b3601ecad6c20cb227d841f0bd3b9e570f30ed1f2c48390ab3ca756690a5b42a348a7302dcf73bfedb84482c2
- SSDEEP
  
  1536:WMUwfbnamXyBNmGKrWoWJtMnouy8EIP9WvnrVv:W8amCmGKiHtMoutEM8rV
Score

10^/10

pony collection discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

UPX packed file

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2