pony | 25c1acaaecdd694a640689ad9f43d066ba0441ce6b3b84a889b47735493e80ec

General

Target

17e762a82dbedd620650565e41e3ee40_JaffaCakes118
Size

88KB
Sample

240728-t5wxbasgmq
MD5

17e762a82dbedd620650565e41e3ee40
SHA1

d470959bc079a28cd637908adb0fc7cd59088c4d
SHA256

25c1acaaecdd694a640689ad9f43d066ba0441ce6b3b84a889b47735493e80ec
SHA512

f5cdc105036960f569815d702b3cc4b6e649163b078ec53193c99a6012392f1a3eb616615c39afedd1529d8705dffc09ca8e774fa0fc6d7cae10f525d27c13b1
SSDEEP

1536:x3V3e8KytqTZkYu5SCvaDBzgM+5zu9kS24zxAkOg8WTvMEImkzZ3:9dOy+ubiDBzv+1H4OgYEIp3

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://test.adwokaci-zielonagora.pl/default.php?HcYfdRqicQIjmOxLMyAS221

http://ovalpix.co.uk/default.php?KYNy12uRlTWs3vPdgPTzhJvVm82v2wxWKQMKTK

http://jk-adventure.com/default.php?zKpDY8UQRekiLmUqTtLKGI6TNpr2slqJDQI

http://3bresearch.iadvancetech.com/default.php?mqrvCsuFnXbHgZQwBDawn3iJ

http://dotorebki.pl/default.php?uF4zJbOmw85p4rdetrGvNS7XYTKrbK9u36UpMa8

Targets

- Target
  
  17e762a82dbedd620650565e41e3ee40_JaffaCakes118
- Size
  
  88KB
- MD5
  
  17e762a82dbedd620650565e41e3ee40
- SHA1
  
  d470959bc079a28cd637908adb0fc7cd59088c4d
- SHA256
  
  25c1acaaecdd694a640689ad9f43d066ba0441ce6b3b84a889b47735493e80ec
- SHA512
  
  f5cdc105036960f569815d702b3cc4b6e649163b078ec53193c99a6012392f1a3eb616615c39afedd1529d8705dffc09ca8e774fa0fc6d7cae10f525d27c13b1
- SSDEEP
  
  1536:x3V3e8KytqTZkYu5SCvaDBzgM+5zu9kS24zxAkOg8WTvMEImkzZ3:9dOy+ubiDBzv+1H4OgYEIp3
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2