pony | 4580de401aa33ef41d9f1d80664e7a6db072808f721e56937e498f8be1ab0d19 | Triage

Sharing

General

Target

4580de401aa33ef41d9f1d80664e7a6db072808f721e56937e498f8be1ab0d19
Size

365KB
Sample

221128-txs6fsce8z
MD5

bbc3a78dca36b884f910649a4fb88133
SHA1

1883e6a1b8a2067e7b4790b210fcec80d6c9995a
SHA256

4580de401aa33ef41d9f1d80664e7a6db072808f721e56937e498f8be1ab0d19
SHA512

40478f7c49eaddc636752cc974f40a907ac085706ab92e5166fb404385061f4b70d67885391ed2765ba28eceacb0c3904a83e7c29fc1069a79f1b8e4a05a2c45
SSDEEP

6144:CCAD+3rAqJ9wzUJc8riKVwpTXdY1sRT3ArFm635vhXRtjq/piZ:sCrAqfc9VdN5xmbRJq/p

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://expl0de.in/Panel2/gate.php

Targets

- Target
  
  4580de401aa33ef41d9f1d80664e7a6db072808f721e56937e498f8be1ab0d19
- Size
  
  365KB
- MD5
  
  bbc3a78dca36b884f910649a4fb88133
- SHA1
  
  1883e6a1b8a2067e7b4790b210fcec80d6c9995a
- SHA256
  
  4580de401aa33ef41d9f1d80664e7a6db072808f721e56937e498f8be1ab0d19
- SHA512
  
  40478f7c49eaddc636752cc974f40a907ac085706ab92e5166fb404385061f4b70d67885391ed2765ba28eceacb0c3904a83e7c29fc1069a79f1b8e4a05a2c45
- SSDEEP
  
  6144:CCAD+3rAqJ9wzUJc8riKVwpTXdY1sRT3ArFm635vhXRtjq/piZ:sCrAqfc9VdN5xmbRJq/p
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer