pony | 667e90118f30a35e8003dc210389bccc349aa2d3bdf1276d4883667f4e25d86b | Triage

Sharing

General

Target

667e90118f30a35e8003dc210389bccc349aa2d3bdf1276d4883667f4e25d86b
Size

366KB
Sample

221128-txt3ragh29
MD5

59d757891b8aef93b23a03404eaad50a
SHA1

b20a0563693bc9266b999929702810e20b131f2e
SHA256

667e90118f30a35e8003dc210389bccc349aa2d3bdf1276d4883667f4e25d86b
SHA512

75e264c598b1840ce4db72b3fd8a01da3e8f2ca9d84d0800421db1024d8d052c520d8d4d53c35debbaa5e3235539c04c24f256964adfa0a6aecf70bab01fd1e4
SSDEEP

6144:886JQY0gNTz28wDApTXdY1sRT3ArFm635vhXRtjq/piZ:8Q8+8iAVdN5xmbRJq/p

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://expl0de.in/Panel2/gate.php

Targets

- Target
  
  667e90118f30a35e8003dc210389bccc349aa2d3bdf1276d4883667f4e25d86b
- Size
  
  366KB
- MD5
  
  59d757891b8aef93b23a03404eaad50a
- SHA1
  
  b20a0563693bc9266b999929702810e20b131f2e
- SHA256
  
  667e90118f30a35e8003dc210389bccc349aa2d3bdf1276d4883667f4e25d86b
- SHA512
  
  75e264c598b1840ce4db72b3fd8a01da3e8f2ca9d84d0800421db1024d8d052c520d8d4d53c35debbaa5e3235539c04c24f256964adfa0a6aecf70bab01fd1e4
- SSDEEP
  
  6144:886JQY0gNTz28wDApTXdY1sRT3ArFm635vhXRtjq/piZ:8Q8+8iAVdN5xmbRJq/p
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer