pony | 85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf | Triage

Submit
Reports

Overview

overview

Static

static

85d472054b...cf.exe

windows7-x64

85d472054b...cf.exe

windows10-2004-x64

Sharing

General

Target

85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf
Size

121KB
Sample

221201-b9z6esgh6x
MD5

add47dc89cb96245d31b81968e2f4720
SHA1

620e6cd23a32f7c2fc721d64c9ceab3513beca43
SHA256

85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf
SHA512

997ac933a99a59e31d070093343865208b39aa5c357d2a0d2eebb04d04b68c9d7f95bee36b818687658d74fb17718c155e4e41baca35e14c418ac13b6dc0fa53
SSDEEP

3072:3uz8L0wPWmHb7hDZg9VoU9GbqdlBqB+xig:3wsWO3htg9VJxd6U

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf.exe

Resource

win10v2004-20220812-en

pony collection discovery rat spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf
- Size
  
  121KB
- MD5
  
  add47dc89cb96245d31b81968e2f4720
- SHA1
  
  620e6cd23a32f7c2fc721d64c9ceab3513beca43
- SHA256
  
  85d472054b48edfc408541567e7ef3385aea070ce78438c86f2ccefd441ceecf
- SHA512
  
  997ac933a99a59e31d070093343865208b39aa5c357d2a0d2eebb04d04b68c9d7f95bee36b818687658d74fb17718c155e4e41baca35e14c418ac13b6dc0fa53
- SSDEEP
  
  3072:3uz8L0wPWmHb7hDZg9VoU9GbqdlBqB+xig:3wsWO3htg9VJxd6U
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy