pony | 2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d | Triage

Submit
Reports

Overview

overview

Static

static

2adb07916f...6d.exe

windows7-x64

2adb07916f...6d.exe

windows10-2004-x64

Sharing

General

Target

2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
Size

1.3MB
Sample

221127-r4vlraee66
MD5

c75f98e9bde735b1785b9f3e3d7b6ad6
SHA1

8028222efcf71c343aa3ce45b2dde05403696a3d
SHA256

2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
SHA512

59b8b5fefe4b72becf3eefbbb70480174f9b2ae588e99cb5cc3b623847f0018ce603f3c4a6dcf9dc328618e71a68442ff5f7a214d2cec000ded1bc53aad81499
SSDEEP

24576:i2O/GlAIaOXAN/+rtH/GsMb7g6zwzRQegxP265:vPXAZetHo5k1tS

Score

10^/10

pony collection rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d.exe

Resource

win7-20220812-en

pony collection rat spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d.exe

Resource

win10v2004-20221111-en

pony collection rat spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://finalego.000a.de/1/gate.php

Targets

- Target
  
  2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
- Size
  
  1.3MB
- MD5
  
  c75f98e9bde735b1785b9f3e3d7b6ad6
- SHA1
  
  8028222efcf71c343aa3ce45b2dde05403696a3d
- SHA256
  
  2adb07916f90ebe960d28568427815fda73b01a40a47b9e7bedb487b8301b96d
- SHA512
  
  59b8b5fefe4b72becf3eefbbb70480174f9b2ae588e99cb5cc3b623847f0018ce603f3c4a6dcf9dc328618e71a68442ff5f7a214d2cec000ded1bc53aad81499
- SSDEEP
  
  24576:i2O/GlAIaOXAN/+rtH/GsMb7g6zwzRQegxP265:vPXAZetHo5k1tS
Score

10^/10

pony collection rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealerupx

behavioral2

ponycollectionratspywarestealerupx

© 2018-2024

Terms | Privacy