pony | 271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d | Triage

Submit
Reports

Overview

overview

Static

static

271c552005...2d.exe

windows7-x64

271c552005...2d.exe

windows10-2004-x64

Sharing

General

Target

271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d
Size

198KB
Sample

221126-sf8ddace62
MD5

53710f0860d03137504a072e76d3f036
SHA1

7b4912ad92ca95231ad4b45bf33e5a6c66be1750
SHA256

271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d
SHA512

ee547fa3f1cde33fbd657209e7454ad7deef82313e27f7841b43581d244094cc39435bbd7355685ba7b9f1476f91e79a6d9ca5a0155db5d06aee9845802d34fc
SSDEEP

3072:yoWPI/I3Jl6GB93t0BYrAzww9IwbFG7qyFd6FQPz3kG:ynPdlV3t0zww9tsqyFsS7B

Score

10^/10

pony collection persistence rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d.exe

Resource

win7-20221111-en

pony collection persistence rat spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d.exe

Resource

win10v2004-20221111-en

pony collection persistence rat spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://188.166.15.172/pony//gate.php

Targets

- Target
  
  271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d
- Size
  
  198KB
- MD5
  
  53710f0860d03137504a072e76d3f036
- SHA1
  
  7b4912ad92ca95231ad4b45bf33e5a6c66be1750
- SHA256
  
  271c55200556b59a200a324d2396fd915b4a1196ff695df3324837e1dfeed02d
- SHA512
  
  ee547fa3f1cde33fbd657209e7454ad7deef82313e27f7841b43581d244094cc39435bbd7355685ba7b9f1476f91e79a6d9ca5a0155db5d06aee9845802d34fc
- SSDEEP
  
  3072:yoWPI/I3Jl6GB93t0BYrAzww9IwbFG7qyFd6FQPz3kG:ynPdlV3t0zww9tsqyFsS7B
Score

10^/10

pony collection persistence rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionpersistenceratspywarestealerupx

behavioral2

ponycollectionpersistenceratspywarestealerupx

© 2018-2024

Terms | Privacy