pony | db77815b4766ffa916220c582fce7bcaf383987efab92bf2c38cd6789c12e082 | Triage

Submit
Reports

Overview

overview

Static

static

3

dba409d517...f4.exe

windows7-x64

dba409d517...f4.exe

windows10-2004-x64

Sharing

General

Target

dba409d517d394e6fe810fe9b9b554f4
Size

283KB
Sample

240321-ps33msbf23
MD5

dba409d517d394e6fe810fe9b9b554f4
SHA1

167248b3d44f97f80324436b29c1ff286b9499ba
SHA256

db77815b4766ffa916220c582fce7bcaf383987efab92bf2c38cd6789c12e082
SHA512

41253995374c16372481559565cb4d6d79e17de47a3b86c3322e19bc79fd314f0bfc1b4dcd99dae951312cb7710ec9037fd7f829d305f197fe367fbc8b70a6aa
SSDEEP

6144:89GrX1EXSopNBF0BB2LceVV2LRENC/KkFCL4d6QuJVwGUFke:uSEXSopNBFow9mLRPKkALVduF

Score

10^/10

pony discovery evasion persistence rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dba409d517d394e6fe810fe9b9b554f4.exe

Resource

win7-20240221-en

pony discovery evasion persistence rat spyware stealer upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

dba409d517d394e6fe810fe9b9b554f4.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  dba409d517d394e6fe810fe9b9b554f4
- Size
  
  283KB
- MD5
  
  dba409d517d394e6fe810fe9b9b554f4
- SHA1
  
  167248b3d44f97f80324436b29c1ff286b9499ba
- SHA256
  
  db77815b4766ffa916220c582fce7bcaf383987efab92bf2c38cd6789c12e082
- SHA512
  
  41253995374c16372481559565cb4d6d79e17de47a3b86c3322e19bc79fd314f0bfc1b4dcd99dae951312cb7710ec9037fd7f829d305f197fe367fbc8b70a6aa
- SSDEEP
  
  6144:89GrX1EXSopNBF0BB2LceVV2LRENC/KkFCL4d6QuJVwGUFke:uSEXSopNBFow9mLRPKkALVduF
Score

10^/10

pony discovery evasion persistence rat spyware stealer upx
- Modifies security service
  evasion
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Disables taskbar notifications via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponydiscoveryevasionpersistenceratspywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy