pony | 8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8a1b82e891...e8.exe

windows7-x64

8a1b82e891...e8.exe

windows10-2004-x64

Sharing

General

Target

8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8
Size

98KB
Sample

221205-p89v5aff3t
MD5

3cb544d8e38d94c9cd0065566a869f56
SHA1

c075559834f31bb24295f8a16ac0b54fe8782ac8
SHA256

8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8
SHA512

dc85f858f4845ad171b590fb0ad4045e3979aab781b5752bc1ad552c0cbfacdaaefbd74989af3b6f9561c6d1de8efcc53f1e33966aa64b032c5f3c0b657a2d92
SSDEEP

1536:wP5swm+o8CoXX8hZfi6gZ1axm4uz+UimOzQ6VVTr8R0ppAJ1Za:wP5t7jMhZ23axxmuV5gRepAJq

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8.exe

Resource

win7-20220812-en

pony collection discovery rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8.exe

Resource

win10v2004-20220812-en

pony collection discovery rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

- Target
  
  8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8
- Size
  
  98KB
- MD5
  
  3cb544d8e38d94c9cd0065566a869f56
- SHA1
  
  c075559834f31bb24295f8a16ac0b54fe8782ac8
- SHA256
  
  8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8
- SHA512
  
  dc85f858f4845ad171b590fb0ad4045e3979aab781b5752bc1ad552c0cbfacdaaefbd74989af3b6f9561c6d1de8efcc53f1e33966aa64b032c5f3c0b657a2d92
- SSDEEP
  
  1536:wP5swm+o8CoXX8hZfi6gZ1axm4uz+UimOzQ6VVTr8R0ppAJ1Za:wP5t7jMhZ23axxmuV5gRepAJq
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2025

Terms | Privacy