pony | 6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be

General

Target

6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
Size

148KB
Sample

221129-phwwksbg9v
MD5

8fa1825810977b3f875a88de9d757453
SHA1

1d5d3b3cb8312ec72fba34f4d11ca52e212cc88d
SHA256

6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
SHA512

f2da58ab80b8f51ea218ea3f20d414b4532325bde9378c3626ee6b455a863412e6e96da424051f16a320b3ca2d811a4030210adfe5a63bbc19c4196c0327b24c
SSDEEP

3072:KA2hCdFXayYEf4B3UptTDYiYC5p5vWwYn9k:7MCbayFfaeCirpQn9

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://209.59.223.57/ponyd/gate.php

http://204.145.80.32/ponyd/gate.php

Targets

- Target
  
  6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
- Size
  
  148KB
- MD5
  
  8fa1825810977b3f875a88de9d757453
- SHA1
  
  1d5d3b3cb8312ec72fba34f4d11ca52e212cc88d
- SHA256
  
  6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be
- SHA512
  
  f2da58ab80b8f51ea218ea3f20d414b4532325bde9378c3626ee6b455a863412e6e96da424051f16a320b3ca2d811a4030210adfe5a63bbc19c4196c0327b24c
- SSDEEP
  
  3072:KA2hCdFXayYEf4B3UptTDYiYC5p5vWwYn9k:7MCbayFfaeCirpQn9
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Pony,Fareit

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2