pony | b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9 | Triage

Submit
Reports

Overview

overview

Static

static

b1d16e1de1...d9.exe

windows7-x64

b1d16e1de1...d9.exe

windows10-2004-x64

Sharing

General

Target

b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9
Size

77KB
Sample

221203-h1njlaee29
MD5

507d6ff564943c5203392fd6961e38fa
SHA1

185970e25ff5d11a244a835686689401e3184db4
SHA256

b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9
SHA512

a16aa439499e1334bb449e74e4e2d652da99e96cc45644c90a08b1a5abc4fe81a5b645f50d66342d87a963497c204d46c743a1248c6c32c6470bad86db017b71
SSDEEP

1536:mf4uas6OXByfNSfIsiya+a19LLKdnABrAS6f/igyATpSh:2ssfByfNmIDya14jrHig18h

Score

10^/10

pony collection discovery rat spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9.exe

Resource

win10v2004-20221111-en

pony collection discovery rat spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://choiceonesupport.org/default.php?5QoWsezRsgUSO1EjQZfVO1y9VOAlXUC

http://lienansaigonhotel.com/default.php?cH1BQ4VfMtAKsxRRBFq7a298Ppt8KL

http://youcaan.com/default.php?IUYzgdBuLMWkvhHvyTb6pRxBtsGNsMOEgwAnG7UM

http://e3pos.com/default.php?eVlJPYuh4bNSccpCgTDQEzJz772oc1F8NHjp4XljZD

http://4g-mlm.com/default.php?lYaySmWNad9hOOqgVfBmZoBu2As17VV2OljQqVrav

Targets

- Target
  
  b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9
- Size
  
  77KB
- MD5
  
  507d6ff564943c5203392fd6961e38fa
- SHA1
  
  185970e25ff5d11a244a835686689401e3184db4
- SHA256
  
  b1d16e1de1969b36d18f40855272f754caddabde8c5ef693208c071377a6b7d9
- SHA512
  
  a16aa439499e1334bb449e74e4e2d652da99e96cc45644c90a08b1a5abc4fe81a5b645f50d66342d87a963497c204d46c743a1248c6c32c6470bad86db017b71
- SSDEEP
  
  1536:mf4uas6OXByfNSfIsiya+a19LLKdnABrAS6f/igyATpSh:2ssfByfNmIDya14jrHig18h
Score

10^/10

pony collection discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealerupx

behavioral2

ponycollectiondiscoveryratspywarestealerupx

© 2018-2024

Terms | Privacy