pony | 13ae9ea10d5dcbacad599353983f028c6b00d1897acb1cf5685063406381bd6d | Triage

Sharing

General

Target

72aa6835d0ab99a2e0303b77cc65e98d_JaffaCakes118
Size

134KB
Sample

240726-fkzwks1bpd
MD5

72aa6835d0ab99a2e0303b77cc65e98d
SHA1

f9037015bb603e244b63b1ac89b0947a8340b8d9
SHA256

13ae9ea10d5dcbacad599353983f028c6b00d1897acb1cf5685063406381bd6d
SHA512

23768a107fd649d2fa4bbf7fee710cd5c9f85e74bb65a17d34d47fcaf5210496ef233a926758799e3ac8e88b92f6c85c440cc8bb06a56ff37b122f85735f15fd
SSDEEP

3072:RPY1lfQ9VDBFYahullSGq+pzN3yDKd2f/i:GeIaszYS

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://212.58.20.11:8080/pony/gate.php

http://74.91.117.208/pony/gate.php

Attributes

payload_url
http://sirsplashalot.com/GiMxHx9.exe

http://www.goldenstudio.ro/qKLDGSsF.exe

Targets

- Target
  
  72aa6835d0ab99a2e0303b77cc65e98d_JaffaCakes118
- Size
  
  134KB
- MD5
  
  72aa6835d0ab99a2e0303b77cc65e98d
- SHA1
  
  f9037015bb603e244b63b1ac89b0947a8340b8d9
- SHA256
  
  13ae9ea10d5dcbacad599353983f028c6b00d1897acb1cf5685063406381bd6d
- SHA512
  
  23768a107fd649d2fa4bbf7fee710cd5c9f85e74bb65a17d34d47fcaf5210496ef233a926758799e3ac8e88b92f6c85c440cc8bb06a56ff37b122f85735f15fd
- SSDEEP
  
  3072:RPY1lfQ9VDBFYahullSGq+pzN3yDKd2f/i:GeIaszYS
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer