pony | 8abda48d158a2f9f4bc46409d75f3a1da21e94254b6d58abdc1a34b15913d3d7 | Triage

Sharing

General

Target

004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118
Size

2.2MB
Sample

240426-jhg5jabh5v
MD5

004b99c7f22dae72be75009dbc37a1ed
SHA1

65a4deebd20b9118783648d683b9b937155992b1
SHA256

8abda48d158a2f9f4bc46409d75f3a1da21e94254b6d58abdc1a34b15913d3d7
SHA512

79273b141641db85e7af24683734ee8a6dc7c0d9c3efa1e50d88a6bae6b536498f8c8a952fb13030a8d205f738f59c17641460cb4cdc50416b7c108cbc514b88
SSDEEP

24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ7:0UzeyQMS4DqodCnoe+iitjWwwP

Score

10^/10

pony rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

payload_url
http://don.service-master.eu/shit.exe

Targets

- Target
  
  004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  004b99c7f22dae72be75009dbc37a1ed
- SHA1
  
  65a4deebd20b9118783648d683b9b937155992b1
- SHA256
  
  8abda48d158a2f9f4bc46409d75f3a1da21e94254b6d58abdc1a34b15913d3d7
- SHA512
  
  79273b141641db85e7af24683734ee8a6dc7c0d9c3efa1e50d88a6bae6b536498f8c8a952fb13030a8d205f738f59c17641460cb4cdc50416b7c108cbc514b88
- SSDEEP
  
  24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ7:0UzeyQMS4DqodCnoe+iitjWwwP
Score

10^/10

pony rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponyratspywarestealer

behavioral2

ponyratspywarestealer