pony | 1213e808f8708f2de2e06a7044be43d91f70d495c2eb4db1d84cb26addf248c1 | Triage

Submit
Reports

Overview

overview

Static

static

3

Technical ...eg.exe

windows7-x64

Technical ...eg.exe

windows10-2004-x64

Sharing

General

Target

Technical Data Specifications & Drawings jpeg.zip
Size

372KB
Sample

240326-11a8dagf2s
MD5

b105886acca5bc483401be83043a2ebc
SHA1

5a137f76b03efb2f8f25b533e209b36969f9be7b
SHA256

1213e808f8708f2de2e06a7044be43d91f70d495c2eb4db1d84cb26addf248c1
SHA512

cf0caeb33fb2734f4e47ec9a34aab7de813c93946c36be5acd64905f9f52b8d09338571f891488fa185cce129705fdd6f4b71ad8215928f90d8ba2502a0d9778
SSDEEP

6144:LMjACcKuBTPGTuNxmiKIMITkv1Y8IguCTKJaoVo7t7acP382nyQmS5XvrgCyfiw3:LMjACcKuBSiiDIYS8kCTKJaoV8tbpyz7

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Technical Data Specifications & Drawings jpeg.exe

Resource

win7-20240221-en

pony collection discovery rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Technical Data Specifications & Drawings jpeg.exe

Resource

win10v2004-20240226-en

pony collection discovery rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://balsamar.org/water/panelnew/gate.php

Attributes

payload_url
http://balsamar.org/water/panelnew/apply.exe

Targets

- Target
  
  Technical Data Specifications & Drawings jpeg.exe
- Size
  
  726KB
- MD5
  
  fc410b568d2eb43dbe513ab5ccc54932
- SHA1
  
  c838be6b3daa718afe483a1c01a656b5efa526ee
- SHA256
  
  dc90195993b8957d8a3e8b3453d3e13fae57c15f3779d2ae611bfc95a838a64a
- SHA512
  
  c8e7776cd20305a2d9a447ab7f22c1568397a7e92307632dfc11a5187cc0c21de6f61a9dca5a3af5d8d7a19e2e6a70eb947ce68b9c69e040aa3ce0e76c41a29b
- SSDEEP
  
  3072:YoInfeSBe8bRqCB+h1/Ru32iEIp7HEYnHEqvQwH24SkW2:5m2cJbbB+3E32il9EYJhR
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy