pony | c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe | Triage

Submit
Reports

Overview

overview

Static

static

c42d210a84...fe.exe

windows7-x64

c42d210a84...fe.exe

windows10-2004-x64

3

Sharing

General

Target

c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe
Size

154KB
Sample

221203-akx44aca5y
MD5

bd9613fd87e238adba45190438329396
SHA1

7b8aa6b66ada8c89cd84e2e999c8b0ad94e5b114
SHA256

c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe
SHA512

3b585f5ab6f88e660aaf6a3c82317231e7c634bdae77fc9ecf5e941ec3879334026172e681b8ab0a6f62f39f3a21fd40e515703f85714760e98b191492bbecb5
SSDEEP

3072:E4W5H4mNr9+819Ih/vxPNowmbpVOhKXFG26:RW3r9xFb3AKXX6

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe
- Size
  
  154KB
- MD5
  
  bd9613fd87e238adba45190438329396
- SHA1
  
  7b8aa6b66ada8c89cd84e2e999c8b0ad94e5b114
- SHA256
  
  c42d210a84c1ff300f8b5470fc5b3553df944ad6e4b729ba2b30343b284757fe
- SHA512
  
  3b585f5ab6f88e660aaf6a3c82317231e7c634bdae77fc9ecf5e941ec3879334026172e681b8ab0a6f62f39f3a21fd40e515703f85714760e98b191492bbecb5
- SSDEEP
  
  3072:E4W5H4mNr9+819Ih/vxPNowmbpVOhKXFG26:RW3r9xFb3AKXX6
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

© 2018-2024

Terms | Privacy