pony | 6369ef51bca2633abdab77458120b1faa71a6816c8d21a65f6802a1da04a0f0c | Triage

Sharing

General

Target

6369ef51bca2633abdab77458120b1faa71a6816c8d21a65f6802a1da04a0f0c
Size

140KB
Sample

221129-kdzpfsfc7z
MD5

29c24de5e1c9fce4eadfb8ad757c8808
SHA1

b0c20d0a0470fa0d98d1381a34f6bd9dd41596bd
SHA256

6369ef51bca2633abdab77458120b1faa71a6816c8d21a65f6802a1da04a0f0c
SHA512

b9ba1bceb4dc89bea53d3e896c454a855306c50ebf92917aeeb5cc35a067b861b4111d898d4f572780bd9dd0371ec0cda89de9a5c5574bbb4d82311014dc6cb0
SSDEEP

3072:TbpLk1HvkcbsjfTD923qhXMyAeovvQfAuOh:TbpLk1sN2TxvT

Score

10^/10

pony collection discovery rat spyware stealer

Malware Config

Targets

- Target
  
  6369ef51bca2633abdab77458120b1faa71a6816c8d21a65f6802a1da04a0f0c
- Size
  
  140KB
- MD5
  
  29c24de5e1c9fce4eadfb8ad757c8808
- SHA1
  
  b0c20d0a0470fa0d98d1381a34f6bd9dd41596bd
- SHA256
  
  6369ef51bca2633abdab77458120b1faa71a6816c8d21a65f6802a1da04a0f0c
- SHA512
  
  b9ba1bceb4dc89bea53d3e896c454a855306c50ebf92917aeeb5cc35a067b861b4111d898d4f572780bd9dd0371ec0cda89de9a5c5574bbb4d82311014dc6cb0
- SSDEEP
  
  3072:TbpLk1HvkcbsjfTD923qhXMyAeovvQfAuOh:TbpLk1sN2TxvT
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer