pony | 87e1073b2784387112b20462c966c352a67dccab9b16cad4b3b9f792f565f87d

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 20:46

Target

2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe
Size

128KB
MD5

2626edb77950ab6d0a9ec0c2eb584946
SHA1

8d53bc051b9569c15d6682a6c20b71953bd36306
SHA256

87e1073b2784387112b20462c966c352a67dccab9b16cad4b3b9f792f565f87d
SHA512

8d2bebfff27060b6b0f98045d07ff9c53325a6de4a8cded870a4da109edbd979eecc3a0f35f9dc75786f4614c8ab1237461577dc728f6912dc6056241f913fd3
SSDEEP

3072:uGHi6mwNZwZeqj1z5bMRTUXk9mFfVb28pi1p0Sg:+6ZRqj1z5CmkE328pi7

Score

10^/10

Family

pony

http://67.215.225.205:8080/forum/viewtopic.php

http://50.116.13.230/forum/viewtopic.php

Attributes

payload_url
http://mega105fm.com/bb7tBrft.exe

http://cpps.or.id/KwV8AXN.exe

http://citleg.org/UptP.exe

Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
rat spyware stealer pony

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 4848	5112	2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe	83
PID 5112 wrote to memory of 4848	5112	2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe	83
PID 5112 wrote to memory of 4848	5112	2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Users\Admin\AppData\Local\Temp\2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2626edb77950ab6d0a9ec0c2eb584946_JaffaCakes118.exe"
  2⤵
  PID:4848

memory/5112-0-0x0000000000A30000-0x0000000000A54000-memory.dmp

Filesize
144KB

Download
memory/5112-1-0x0000000000A30000-0x0000000000A54000-memory.dmp

Filesize
144KB

Download