pony | efc571defd30c72dee512c1470b43cc4a537c00ed8233e172380dcb66d10e48d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11a5bb69b695c1ae108e81502675d364_JaffaCakes118
Size

68KB
Sample

240504-h47rmsaa42
MD5

11a5bb69b695c1ae108e81502675d364
SHA1

384e2d1c71ea8713cbf5a17bd5342b4445d525d1
SHA256

efc571defd30c72dee512c1470b43cc4a537c00ed8233e172380dcb66d10e48d
SHA512

3834ee2645014e5f8fd37cf16fc06559c914de4de3a423945eaa9ed92593d3d35374004e897bbf2ac977d3a1e6befa1bffe748c28b04984c09dbf9a4cfe7bab2
SSDEEP

1536:bjJbKQOqTjCEvR9VwO5ZbuOqxvv/kzLA/aZd/:/hjV9VwSZKOq9/aZ

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Targets

- Target
  
  11a5bb69b695c1ae108e81502675d364_JaffaCakes118
- Size
  
  68KB
- MD5
  
  11a5bb69b695c1ae108e81502675d364
- SHA1
  
  384e2d1c71ea8713cbf5a17bd5342b4445d525d1
- SHA256
  
  efc571defd30c72dee512c1470b43cc4a537c00ed8233e172380dcb66d10e48d
- SHA512
  
  3834ee2645014e5f8fd37cf16fc06559c914de4de3a423945eaa9ed92593d3d35374004e897bbf2ac977d3a1e6befa1bffe748c28b04984c09dbf9a4cfe7bab2
- SSDEEP
  
  1536:bjJbKQOqTjCEvR9VwO5ZbuOqxvv/kzLA/aZd/:/hjV9VwSZKOq9/aZ
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer