pony | 2c5d6d9f4466c9d4551ccc7c32b7be9bcfb2c8be7ef968928069ca054c12dd16 | Triage

Submit
Reports

Overview

overview

Static

static

5

8996599ff8...18.exe

windows7-x64

7

8996599ff8...18.exe

windows10-2004-x64

Sharing

General

Target

8996599ff87d740c55f576bafca8dd3a_JaffaCakes118
Size

980KB
Sample

240402-l291rsdg81
MD5

8996599ff87d740c55f576bafca8dd3a
SHA1

907f47d81a3c239518782aa451ed1adf143d1c8a
SHA256

2c5d6d9f4466c9d4551ccc7c32b7be9bcfb2c8be7ef968928069ca054c12dd16
SHA512

6d038b9ae9d7a014e98d0075a1c781bf5face0c4395754d92d4c81a86b85ba79ab1748ce10a895f68a4e01231b22b5e5fbbdade1df1d922855605424acf598ac
SSDEEP

24576:RAHnh+eWsN3skA4RV1Hom2KXFmIayMS6BnuZTdg4Z5:oh+ZkldoPK1XayQuZqe

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8996599ff87d740c55f576bafca8dd3a_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

8996599ff87d740c55f576bafca8dd3a_JaffaCakes118.exe

Resource

win10v2004-20231215-en

pony collection discovery rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://mgimpax.com/test/test/gate.php

http://visionhvac.in/www/WnFFIpXpxzNEWFILE.jar

Targets

- Target
  
  8996599ff87d740c55f576bafca8dd3a_JaffaCakes118
- Size
  
  980KB
- MD5
  
  8996599ff87d740c55f576bafca8dd3a
- SHA1
  
  907f47d81a3c239518782aa451ed1adf143d1c8a
- SHA256
  
  2c5d6d9f4466c9d4551ccc7c32b7be9bcfb2c8be7ef968928069ca054c12dd16
- SHA512
  
  6d038b9ae9d7a014e98d0075a1c781bf5face0c4395754d92d4c81a86b85ba79ab1748ce10a895f68a4e01231b22b5e5fbbdade1df1d922855605424acf598ac
- SSDEEP
  
  24576:RAHnh+eWsN3skA4RV1Hom2KXFmIayMS6BnuZTdg4Z5:oh+ZkldoPK1XayQuZqe
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2024

Terms | Privacy