pony | ceaf30d9a0dee69f6907ef95c011cea8d5cc01270ba5241baed4e5fbde98def5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ceaf30d9a0dee69f6907ef95c011cea8d5cc01270ba5241baed4e5fbde98def5
Size

106KB
Sample

221202-xna53ahc7w
MD5

a7c7bdaf45704239632a39e09e29a62b
SHA1

e8cfc141dfe42cec3b3354bd3af86d48edb183ab
SHA256

ceaf30d9a0dee69f6907ef95c011cea8d5cc01270ba5241baed4e5fbde98def5
SHA512

b48710cbfbb82f3bd5d856c15afa9c071b58480b1591e59a3dc09cc03f84a1f5f7f9ba0b99667a4fa72479202a3fed1376599d817e5e54d744c80a025c7178e4
SSDEEP

3072:Fr0V6My9stgmmpJkZQ8UIXFSkX/UmYoqitlwEM:FrdjszmpJUQTI1SkX/UoqkBM

Score

10^/10

pony collection discovery rat spyware stealer

Malware Config

Targets

- Target
  
  ceaf30d9a0dee69f6907ef95c011cea8d5cc01270ba5241baed4e5fbde98def5
- Size
  
  106KB
- MD5
  
  a7c7bdaf45704239632a39e09e29a62b
- SHA1
  
  e8cfc141dfe42cec3b3354bd3af86d48edb183ab
- SHA256
  
  ceaf30d9a0dee69f6907ef95c011cea8d5cc01270ba5241baed4e5fbde98def5
- SHA512
  
  b48710cbfbb82f3bd5d856c15afa9c071b58480b1591e59a3dc09cc03f84a1f5f7f9ba0b99667a4fa72479202a3fed1376599d817e5e54d744c80a025c7178e4
- SSDEEP
  
  3072:Fr0V6My9stgmmpJkZQ8UIXFSkX/UmYoqitlwEM:FrdjszmpJUQTI1SkX/UoqkBM
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer