pony | ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b | Triage

Submit
Reports

Overview

overview

Static

static

ac3b526a32...7b.exe

windows7-x64

ac3b526a32...7b.exe

windows10-2004-x64

Sharing

General

Target

ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b
Size

34KB
Sample

221126-k3j1asfg89
MD5

efe888af013f09d76f0c43d73ab3f0e9
SHA1

e0a7793b244eb1af732933a035c4150c94eac43a
SHA256

ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b
SHA512

62f3f81d667b302f0686ecbee3b70a0f7094d8c9269ccbb1bc3e224d2b6533505bac9a5db021524a380c610d530983370fccec5ae7680874cffc8e17549b93f8
SSDEEP

768:Ncm2wdRawt9YCqObgarB8ZU7XsSeuVeeP7Gi0S/+neKC9zaf+h5cnPQyf:48awt9hgaN/xVwflCtxhSQyf

Score

10^/10

pony collection discovery rat spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b.exe

Resource

win7-20221111-en

pony collection discovery rat spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b.exe

Resource

win10v2004-20220812-en

pony collection discovery rat spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://itzh4cked.byethost32.com/gate.php

Targets

- Target
  
  ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b
- Size
  
  34KB
- MD5
  
  efe888af013f09d76f0c43d73ab3f0e9
- SHA1
  
  e0a7793b244eb1af732933a035c4150c94eac43a
- SHA256
  
  ac3b526a325d3ece20eabcaadbfadae62977f6afa8b40f3ac83bff371a4e287b
- SHA512
  
  62f3f81d667b302f0686ecbee3b70a0f7094d8c9269ccbb1bc3e224d2b6533505bac9a5db021524a380c610d530983370fccec5ae7680874cffc8e17549b93f8
- SSDEEP
  
  768:Ncm2wdRawt9YCqObgarB8ZU7XsSeuVeeP7Gi0S/+neKC9zaf+h5cnPQyf:48awt9hgaN/xVwflCtxhSQyf
Score

10^/10

pony collection discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealerupx

behavioral2

ponycollectiondiscoveryratspywarestealerupx

© 2018-2024

Terms | Privacy