pony | 60f0c2daba44c1f09f9677a15ba4031f2853e1d3a3b608721d25c261a2341472 | Triage

Sharing

General

Target

0e17dd9e3ab01a67046c471b357ae4f5.exe
Size

88KB
Sample

230816-2fyzdaec39
MD5

0e17dd9e3ab01a67046c471b357ae4f5
SHA1

23b4e39ad9804705e1773499ed87081ad3d58097
SHA256

60f0c2daba44c1f09f9677a15ba4031f2853e1d3a3b608721d25c261a2341472
SHA512

a0b4da1aa7cadf2198dff22e6d1591fc8768237d9133299a9146a1431a9d4169829c698dca362f928f23d983217e652c801f4041a0cd1e21da5ca5738263164a
SSDEEP

1536:m2X+ju5qTBZnMU0DqLdt4n7yR1wrhSEgrOCENJkzZDNQt:3MvQqZt4eOCENCDNQt

Score

10^/10

pony rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://estherlu.webuda.com/update/gate.php

Targets

- Target
  
  0e17dd9e3ab01a67046c471b357ae4f5.exe
- Size
  
  88KB
- MD5
  
  0e17dd9e3ab01a67046c471b357ae4f5
- SHA1
  
  23b4e39ad9804705e1773499ed87081ad3d58097
- SHA256
  
  60f0c2daba44c1f09f9677a15ba4031f2853e1d3a3b608721d25c261a2341472
- SHA512
  
  a0b4da1aa7cadf2198dff22e6d1591fc8768237d9133299a9146a1431a9d4169829c698dca362f928f23d983217e652c801f4041a0cd1e21da5ca5738263164a
- SSDEEP
  
  1536:m2X+ju5qTBZnMU0DqLdt4n7yR1wrhSEgrOCENJkzZDNQt:3MvQqZt4eOCENCDNQt
Score

10^/10

pony rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponyratspywarestealer

behavioral2

ponyratspywarestealer