pony | f9225f73a27a6e50b5621aa9a702e3fb98261cef2c33ef90944b3a86db43c111 | Triage

Sharing

General

Target

tmp
Size

202KB
Sample

230306-j7lt1sbc52
MD5

eebe07ffa7b0735675bf35bf6c18dff7
SHA1

be6cdd7497d40ba8f79369f49bbfc02740402fe4
SHA256

f9225f73a27a6e50b5621aa9a702e3fb98261cef2c33ef90944b3a86db43c111
SHA512

374cec9887aa9aa97f264aeab03fd42c21c4d7c12a4da3c05b93e4ba13a96e810b47d093ccf235e47f630d507edd48ef9d0c095341fcc427052a05dc4cd1b891
SSDEEP

6144:oBbNmTHgGAEHcMbojtXZ7JyIt0RbDUb+N/0rXvfb63w:oBbNKHgzEe4M0R/orXr

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://egem.gr/cloud/panel/gate.php

Attributes

payload_url
http://myp0nysite.ru/shit.exe

Targets

- Target
  
  tmp
- Size
  
  202KB
- MD5
  
  eebe07ffa7b0735675bf35bf6c18dff7
- SHA1
  
  be6cdd7497d40ba8f79369f49bbfc02740402fe4
- SHA256
  
  f9225f73a27a6e50b5621aa9a702e3fb98261cef2c33ef90944b3a86db43c111
- SHA512
  
  374cec9887aa9aa97f264aeab03fd42c21c4d7c12a4da3c05b93e4ba13a96e810b47d093ccf235e47f630d507edd48ef9d0c095341fcc427052a05dc4cd1b891
- SSDEEP
  
  6144:oBbNmTHgGAEHcMbojtXZ7JyIt0RbDUb+N/0rXvfb63w:oBbNKHgzEe4M0R/orXr
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer