pony | 0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77

General

Target

0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
Size

133KB
Sample

221128-hakd9acd86
MD5

a7a35312ad78654ca8225c30a88f08c3
SHA1

a1f3c02e9b450218b87b77c3e5880619b4181ef2
SHA256

0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
SHA512

282ff1256956f5461579ed21356f94d0306ee402d6776f533145440cf458d8a609215cb589d570e612eb3453a7f71f0b32f9e5b822bcd3f9ef691e5bd035abca
SSDEEP

1536:LsFxRlhRvjWvipqAMeUjiS2CoexoLa5QAh0Y2V1fRz94QiyCqf7yeCNiLUC71hH3:LClT3PzSh3Qmb4f59jT6iQC78NulQi

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://pokontaktu.ru/media/jce/instes/user.php

Attributes

payload_url
http://semerka.net/design/default/java.exe

Targets

- Target
  
  0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
- Size
  
  133KB
- MD5
  
  a7a35312ad78654ca8225c30a88f08c3
- SHA1
  
  a1f3c02e9b450218b87b77c3e5880619b4181ef2
- SHA256
  
  0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
- SHA512
  
  282ff1256956f5461579ed21356f94d0306ee402d6776f533145440cf458d8a609215cb589d570e612eb3453a7f71f0b32f9e5b822bcd3f9ef691e5bd035abca
- SSDEEP
  
  1536:LsFxRlhRvjWvipqAMeUjiS2CoexoLa5QAh0Y2V1fRz94QiyCqf7yeCNiLUC71hH3:LClT3PzSh3Qmb4f59jT6iQC78NulQi
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

3

T1005

Email Collection

2

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2