pony | e92137145c6eafb37b95ef36822069a4dfdcf8af35ea67c87da834da6983a579 | Triage

Submit
Reports

Overview

overview

Static

static

3

Order List...eg.exe

windows7-x64

Order List...eg.exe

windows10-2004-x64

Sharing

General

Target

Order List Enquiry Eta_Eta_Scan06112015 jpeg.zip
Size

372KB
Sample

240326-3jaavshg6x
MD5

5f9757f29a262bbc0d4317afa3031c64
SHA1

ca9b5128ccdfeea9db6ab65915a660b4cb586f40
SHA256

e92137145c6eafb37b95ef36822069a4dfdcf8af35ea67c87da834da6983a579
SHA512

3a25c47b50c83f4a4a86b6d198f2b372a08dfe02a2c0370fc58103b69b1200fc538408a0491faee420813b36099525a72646391603ef451809fdd8b4c5b6b8b7
SSDEEP

6144:DlUv/zV+dzA7RfB0vH5JPK17E5itYnE82nQV8BaXsHk8HpFjYSAqWJ4fYA3x:u/p+xARB0vHDPmGih8TVTG3HPc/J4fYo

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Order List Enquiry Eta_Eta_Scan06112015 jpeg.exe

Resource

win7-20240220-en

pony collection discovery rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order List Enquiry Eta_Eta_Scan06112015 jpeg.exe

Resource

win10v2004-20240319-en

pony collection discovery rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://balsamar.org/water/panelnew/gate.php

Attributes

payload_url
http://balsamar.org/water/panelnew/apply.exe

Targets

- Target
  
  Order List Enquiry Eta_Eta_Scan06112015 jpeg.exe
- Size
  
  726KB
- MD5
  
  d25ebaed54346079d604c4a4f5d08f05
- SHA1
  
  b96f1d155b189eda47c412e5ae5ce9d517de4021
- SHA256
  
  909d6d5793473dc6d24877b551ff614edbacd1a482baad8aea4f0b281ca4a12f
- SHA512
  
  95c9becfd1074df8fb507629055188417a85e4d14fee099016cafbbdad7b18003a753d6af1db60f864865e53aab32bc06abab1b249154d1ea85364c99b50ea08
- SSDEEP
  
  3072:JRoInfeSBe8bRA9nr2SIz94udCWcE7Um3dkrQqvwwf24SkWd:JCm2cJb29nlI2udC1E7H3dkrXJR
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy