pony | ce9ae2916e9eed030f3524a6fd3c7041f9780550b2f8206d9f3a7bedd576de08

General

Target

6d7accb9618f1bf784cfc3c3bd0efeae_JaffaCakes118
Size

88KB
Sample

240730-b3eadawblc
MD5

6d7accb9618f1bf784cfc3c3bd0efeae
SHA1

2aab5c4a8ead10d6343cc140a981f83cdbee77ba
SHA256

ce9ae2916e9eed030f3524a6fd3c7041f9780550b2f8206d9f3a7bedd576de08
SHA512

0b1034133eb7ad2bb594ac4f240b436065b99499a6a9505f66b5a44b704d2472be38fc9dfa8fcfb01fe6bb1468f8951351c07d146a679bfc6e5d66ba63013f87
SSDEEP

1536:x3V3e8KytqTZkYu5SCvaDBzgM+5zu9kS24zxAkOg8WTvMEI2VkzZ3:9dOy+ubiDBzv+1H4OgYEIv3

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://empathydesign.org.uk/default.php?iJac5zOTzJJGiVcgderv6qrf239E4qz

http://esig.net63.net/default.php?qX1B8hI9kYK3jy71fT2K78BloL3fciCkBxbsj

http://ssearchh.com/default.php?taSc5c3a9FCFvsRyxeNNk8x9d4YdzakI8EBht9V

http://turbosquad.bplaced.net/default.php?RFxhrjW6tdFInmHK7L3FQrbmXZagX

http://marxveix.site11.com/default.php?n4csJnyIei2htyvcdX64g16xQVkCYKQd

Targets

- Target
  
  6d7accb9618f1bf784cfc3c3bd0efeae_JaffaCakes118
- Size
  
  88KB
- MD5
  
  6d7accb9618f1bf784cfc3c3bd0efeae
- SHA1
  
  2aab5c4a8ead10d6343cc140a981f83cdbee77ba
- SHA256
  
  ce9ae2916e9eed030f3524a6fd3c7041f9780550b2f8206d9f3a7bedd576de08
- SHA512
  
  0b1034133eb7ad2bb594ac4f240b436065b99499a6a9505f66b5a44b704d2472be38fc9dfa8fcfb01fe6bb1468f8951351c07d146a679bfc6e5d66ba63013f87
- SSDEEP
  
  1536:x3V3e8KytqTZkYu5SCvaDBzgM+5zu9kS24zxAkOg8WTvMEI2VkzZ3:9dOy+ubiDBzv+1H4OgYEIv3
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2