pony | 7f639ab0280abace14cb94482f1435e09c194daa923dd99f63d0cc277d357abe | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:32

Sharing

Report Analysis Logs

General

Target

546f85676ac780e9ac9c447cca2887ba.exe
Size

114KB
MD5

546f85676ac780e9ac9c447cca2887ba
SHA1

bc8c14354dc43f28879aad07be4808546078993f
SHA256

7f639ab0280abace14cb94482f1435e09c194daa923dd99f63d0cc277d357abe
SHA512

034866aa3263581f42d4d012b684f211df0ee41a63eb7df82126f26f2c46c0904071b5de8feb5dfe616a1f81b6e490c80d303cf99d3c3a5cffaa3b86ca2be650
SSDEEP

3072:/XAtWYKBlVXFGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXVX52sFFgUIO

Score

10^/10

pony rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://69.194.194.238/pony/gate.php

Attributes

payload_url
http://ftp.ex-fin.sk/0rk5TF.exe

http://archstone.ro/yuzFyjAw.exe

Signatures

Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
rat spyware stealer pony

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2792	2924	546f85676ac780e9ac9c447cca2887ba.exe	28
PID 2924 wrote to memory of 2792	2924	546f85676ac780e9ac9c447cca2887ba.exe	28
PID 2924 wrote to memory of 2792	2924	546f85676ac780e9ac9c447cca2887ba.exe	28
PID 2924 wrote to memory of 2792	2924	546f85676ac780e9ac9c447cca2887ba.exe	28

C:\Users\Admin\AppData\Local\Temp\546f85676ac780e9ac9c447cca2887ba.exe
"C:\Users\Admin\AppData\Local\Temp\546f85676ac780e9ac9c447cca2887ba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\Temp\546f85676ac780e9ac9c447cca2887ba.exe
  "C:\Users\Admin\AppData\Local\Temp\546f85676ac780e9ac9c447cca2887ba.exe"
  2⤵
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2924-0-0x00000000003F0000-0x000000000040F000-memory.dmp

Filesize
124KB

Download
memory/2924-1-0x00000000003F0000-0x000000000040F000-memory.dmp

Filesize
124KB

Download