pony | 307f288685efa3681555e207e637a7a3b7b1f8e934f560c936a5ac03124f8d1b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b53e01ddbe...18.exe

windows7-x64

b53e01ddbe...18.exe

windows10-2004-x64

Sharing

General

Target

b53e01ddbe498d14bc2a1e6386fe96c5_JaffaCakes118
Size

161KB
Sample

240616-z4pdqsybqe
MD5

b53e01ddbe498d14bc2a1e6386fe96c5
SHA1

ea85db581c3d5795fe8a234e73eff06b943bd2cb
SHA256

307f288685efa3681555e207e637a7a3b7b1f8e934f560c936a5ac03124f8d1b
SHA512

558ad5f8705615cad3182d72979fd09c47db8a14b7b266bcbc538f2cb752ab738d2a96316b918a5ee82937c3c4886e6ae725a084013b2a873770d81673a9e1af
SSDEEP

3072:siTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKnd6:HTLFuD6fOXlql/GLJrqqndtndhndKnd6

Score

10^/10

pony collection discovery rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b53e01ddbe498d14bc2a1e6386fe96c5_JaffaCakes118.exe

Resource

win7-20240611-en

pony collection discovery rat spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b53e01ddbe498d14bc2a1e6386fe96c5_JaffaCakes118.exe

Resource

win10v2004-20240611-en

pony collection discovery rat spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://butterchoco.net/admin/bull/gate.php

Targets

- Target
  
  b53e01ddbe498d14bc2a1e6386fe96c5_JaffaCakes118
- Size
  
  161KB
- MD5
  
  b53e01ddbe498d14bc2a1e6386fe96c5
- SHA1
  
  ea85db581c3d5795fe8a234e73eff06b943bd2cb
- SHA256
  
  307f288685efa3681555e207e637a7a3b7b1f8e934f560c936a5ac03124f8d1b
- SHA512
  
  558ad5f8705615cad3182d72979fd09c47db8a14b7b266bcbc538f2cb752ab738d2a96316b918a5ee82937c3c4886e6ae725a084013b2a873770d81673a9e1af
- SSDEEP
  
  3072:siTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKnd6:HTLFuD6fOXlql/GLJrqqndtndhndKnd6
Score

10^/10

pony collection discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectiondiscoveryratspywarestealer

behavioral2

ponycollectiondiscoveryratspywarestealer

© 2018-2025

Terms | Privacy