pony | 67fe17a7cfd78582017463b7a82f288e861027797279572b1eb047bf32986f20

General

Target

59a7c92746808063cef23487b7978853_JaffaCakes118
Size

91KB
Sample

240729-xkpjaavbpl
MD5

59a7c92746808063cef23487b7978853
SHA1

d9fed1fb3672976dce3e1c277e9333ec4496edcc
SHA256

67fe17a7cfd78582017463b7a82f288e861027797279572b1eb047bf32986f20
SHA512

eec7fce6e878dd308351ddfc1aeeed0301e5198781f4040f8f7ebfe609c6f6aab27a1ebe8f562046c1dd96fa46093d01b9a49612fbe310041c9fd9860cddc870
SSDEEP

1536:wSv9e7gumqToINZSRP+FP/bJXzrpSO58BDPy7htpFREbOQMpeTvXEwokzm+t:9Pun4P+1JXzrpSHby7ObOvkEwUC

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://www.awdoh-cpa.com:8080/forum/viewtopic.php

http://195.225.168.127:8080/forum/viewtopic.php

http://tracciatoecm.it:8080/forum/viewtopic.php

http://209.114.32.36:8080/forum/viewtopic.php

Attributes

payload_url
http://sjr-offenbach.de/6HAt3sXp.exe

http://www.hutwaltraud.de/GpWX8yo.exe

http://industrial.uc-se.com/f8mg.exe

http://www.bvb-auguren.de/kang.exe

http://krischker.boxler-online.de/wsTEBf1.exe

http://scored202.org/Dia0h.exe

Targets

- Target
  
  59a7c92746808063cef23487b7978853_JaffaCakes118
- Size
  
  91KB
- MD5
  
  59a7c92746808063cef23487b7978853
- SHA1
  
  d9fed1fb3672976dce3e1c277e9333ec4496edcc
- SHA256
  
  67fe17a7cfd78582017463b7a82f288e861027797279572b1eb047bf32986f20
- SHA512
  
  eec7fce6e878dd308351ddfc1aeeed0301e5198781f4040f8f7ebfe609c6f6aab27a1ebe8f562046c1dd96fa46093d01b9a49612fbe310041c9fd9860cddc870
- SSDEEP
  
  1536:wSv9e7gumqToINZSRP+FP/bJXzrpSO58BDPy7htpFREbOQMpeTvXEwokzm+t:9Pun4P+1JXzrpSHby7ObOvkEwUC
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2