pony | b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa | Triage

Submit
Reports

Overview

overview

Static

static

b0c3e97a5b...fa.exe

windows7-x64

b0c3e97a5b...fa.exe

windows10-2004-x64

Sharing

General

Target

b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
Size

280KB
Sample

221128-qfdsnaah6x
MD5

8e88887f8e0eb0e6269fa4ffe7514b58
SHA1

f39a20ef2f07f21523f202b43581979fbee520a9
SHA256

b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
SHA512

2b62f96f73bde66ee74a463c8a17829850acfac031d40047ce15e625292a8fd465701df038005b6f80b2cb0fac2cb1219690fc69e985ff334e76821db059eac6
SSDEEP

6144:sFPYyAVvBeXVS8w8eWDvUWRhTK2PCzesW8Jn29:sFdnXpw8DMWRhTK2PCzesW8U

Score

10^/10

pony collection rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa.exe

Resource

win7-20220812-en

pony collection rat spyware stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa.exe

Resource

win10v2004-20220901-en

pony collection rat spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://orji.host22.com/PonyPHP/gate.php

Targets

- Target
  
  b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
- Size
  
  280KB
- MD5
  
  8e88887f8e0eb0e6269fa4ffe7514b58
- SHA1
  
  f39a20ef2f07f21523f202b43581979fbee520a9
- SHA256
  
  b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
- SHA512
  
  2b62f96f73bde66ee74a463c8a17829850acfac031d40047ce15e625292a8fd465701df038005b6f80b2cb0fac2cb1219690fc69e985ff334e76821db059eac6
- SSDEEP
  
  6144:sFPYyAVvBeXVS8w8eWDvUWRhTK2PCzesW8Jn29:sFdnXpw8DMWRhTK2PCzesW8U
Score

10^/10

pony collection rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealerupx

behavioral2

ponycollectionratspywarestealerupx

© 2018-2024

Terms | Privacy