pony | 67d74181d8b1f1a665308a09cb25f33825ae3c8ebc0a16a15fae01fca6cf6c86 | Triage

Sharing

General

Target

67d74181d8b1f1a665308a09cb25f33825ae3c8ebc0a16a15fae01fca6cf6c86
Size

940KB
Sample

221127-m4bresbh88
MD5

0fe6f9e97db43d41852fe5bdf72e3997
SHA1

2dc15e75791ce26a0b38ca0ecddd577567034507
SHA256

67d74181d8b1f1a665308a09cb25f33825ae3c8ebc0a16a15fae01fca6cf6c86
SHA512

2e4408fc37e19c6b52d4c7291b7564235a018c1cd498c6e5a1bd3916e101b98b6f78c96ccd2a7a1dc4a19cbb5ee05315316303d812ab7109a185bb37bbc6d461
SSDEEP

12288:Gtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga/7FcB4+76A:Gtb20pkaCqT5TBWgNQ7azQ76A

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://clan.edu.co/hotel/management/Panel/gate.php

Attributes

payload_url
http://clan.edu.co/hotel/management/Panel/upd.exe

Targets

- Target
  
  67d74181d8b1f1a665308a09cb25f33825ae3c8ebc0a16a15fae01fca6cf6c86
- Size
  
  940KB
- MD5
  
  0fe6f9e97db43d41852fe5bdf72e3997
- SHA1
  
  2dc15e75791ce26a0b38ca0ecddd577567034507
- SHA256
  
  67d74181d8b1f1a665308a09cb25f33825ae3c8ebc0a16a15fae01fca6cf6c86
- SHA512
  
  2e4408fc37e19c6b52d4c7291b7564235a018c1cd498c6e5a1bd3916e101b98b6f78c96ccd2a7a1dc4a19cbb5ee05315316303d812ab7109a185bb37bbc6d461
- SSDEEP
  
  12288:Gtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga/7FcB4+76A:Gtb20pkaCqT5TBWgNQ7azQ76A
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer