pony | dea98717d6f4fdd15391d2fa8e0bef6a0237363ac49dba2ee44714c3830f318f | Triage

Sharing

General

Target

DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
Size

160KB
Sample

230329-agla5aff8t
MD5

951a2b71ab84e8c9e932685b94b22d04
SHA1

c32b298f68d9fc8f4d5431725d62bfc5d25b06c5
SHA256

dea98717d6f4fdd15391d2fa8e0bef6a0237363ac49dba2ee44714c3830f318f
SHA512

bb7347681a00d99bba39e68449cf3fc8a938dac88146a77fbf5fecaf1888cba2b8981eef1901b36b7bc8ab249c152f18dc7f3f9fbbf59474e4d4fd204700f111
SSDEEP

3072:9YzJVjheL5gwn1T/np9S7yDEgcJaNf/mdA:9Yna5gyPn0yDEgcJac

Score

10^/10

pony collection rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://gtatoronto.com/images/single.gif/gate.php

http://strolatex.com/images/4.gif/gate.php

Targets

- Target
  
  DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
- Size
  
  160KB
- MD5
  
  951a2b71ab84e8c9e932685b94b22d04
- SHA1
  
  c32b298f68d9fc8f4d5431725d62bfc5d25b06c5
- SHA256
  
  dea98717d6f4fdd15391d2fa8e0bef6a0237363ac49dba2ee44714c3830f318f
- SHA512
  
  bb7347681a00d99bba39e68449cf3fc8a938dac88146a77fbf5fecaf1888cba2b8981eef1901b36b7bc8ab249c152f18dc7f3f9fbbf59474e4d4fd204700f111
- SSDEEP
  
  3072:9YzJVjheL5gwn1T/np9S7yDEgcJaNf/mdA:9Yna5gyPn0yDEgcJac
Score

10^/10

pony collection rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ponycollectionratspywarestealer

behavioral2

ponycollectionratspywarestealer