pony | 94b6c71a9fb5a2a08fc4f290b8814fa96943ca44597a3d5452fa170da6a4ead1 | Triage

Sharing

General

Target

94b6c71a9fb5a2a08fc4f290b8814fa96943ca44597a3d5452fa170da6a4ead1
Size

476KB
Sample

221126-kstfzsfd64
MD5

4ebc24f4abf40feb4086fc68dd348a59
SHA1

c66b0e306b536c7768cc75fb304bd02f691c072f
SHA256

94b6c71a9fb5a2a08fc4f290b8814fa96943ca44597a3d5452fa170da6a4ead1
SHA512

073fbe17fe486fb8711f5a47b6c140687fbcd5f39c84779343b666087b2bd26131bfb5611b622bfc47fe76f6edef1fd5db2ef2a2edbc587981dedfb9367b17ce
SSDEEP

3072:aFfMwbfLTh7N5a8cPl1UHFbPdrLWg5nxipwmOxwOyp0wFlTHNcN3z:aVM8LVUl0b1rLWgtYbO+OK7G

Score

10^/10

pony collection rat spyware stealer

Malware Config

Targets

- Target
  
  94b6c71a9fb5a2a08fc4f290b8814fa96943ca44597a3d5452fa170da6a4ead1
- Size
  
  476KB
- MD5
  
  4ebc24f4abf40feb4086fc68dd348a59
- SHA1
  
  c66b0e306b536c7768cc75fb304bd02f691c072f
- SHA256
  
  94b6c71a9fb5a2a08fc4f290b8814fa96943ca44597a3d5452fa170da6a4ead1
- SHA512
  
  073fbe17fe486fb8711f5a47b6c140687fbcd5f39c84779343b666087b2bd26131bfb5611b622bfc47fe76f6edef1fd5db2ef2a2edbc587981dedfb9367b17ce
- SSDEEP
  
  3072:aFfMwbfLTh7N5a8cPl1UHFbPdrLWg5nxipwmOxwOyp0wFlTHNcN3z:aVM8LVUl0b1rLWgtYbO+OK7G
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer