pony | ad94d7bd4b277b46a643b3d0697f0e03207a0b0d8b03117325ac1c46315a3618 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad94d7bd4b277b46a643b3d0697f0e03207a0b0d8b03117325ac1c46315a3618
Size

145KB
Sample

221129-dvkhjaeb9v
MD5

d5a22b3b88b7c858f7ccde4b453b8acf
SHA1

c2b8d57c63acdd4f65a3aff9b52b2f70d90a21f3
SHA256

ad94d7bd4b277b46a643b3d0697f0e03207a0b0d8b03117325ac1c46315a3618
SHA512

eaf9b8dd40c44e4ebe7b5bad0405dc1f9271b2c649c9e91e233c088ca11981f8f4222cd212bec9f0511c11792dba6ab51bbec6a0600efb6849f25f1a96b37829
SSDEEP

1536:zvXU0YuXwlzRb6nVLGQIn8qQqvvu+qACsh922Kzhbn1vpPL5RE38fBM429yj:TXCuXWEVLBI8q9cACUPKl5xB2g

Score

10^/10

pony collection discovery rat spyware stealer

Malware Config

Targets

- Target
  
  ad94d7bd4b277b46a643b3d0697f0e03207a0b0d8b03117325ac1c46315a3618
- Size
  
  145KB
- MD5
  
  d5a22b3b88b7c858f7ccde4b453b8acf
- SHA1
  
  c2b8d57c63acdd4f65a3aff9b52b2f70d90a21f3
- SHA256
  
  ad94d7bd4b277b46a643b3d0697f0e03207a0b0d8b03117325ac1c46315a3618
- SHA512
  
  eaf9b8dd40c44e4ebe7b5bad0405dc1f9271b2c649c9e91e233c088ca11981f8f4222cd212bec9f0511c11792dba6ab51bbec6a0600efb6849f25f1a96b37829
- SSDEEP
  
  1536:zvXU0YuXwlzRb6nVLGQIn8qQqvvu+qACsh922Kzhbn1vpPL5RE38fBM429yj:TXCuXWEVLBI8q9cACUPKl5xB2g
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer