pony | ed75c9ecd45eb487354abc0b40b4ea5c27cdc636cbbc07d55241a65cc3004efa

General

Target

6c342e7a6c35a6b758653119f15457af_JaffaCakes118
Size

91KB
Sample

240730-bjbp5svbrg
MD5

6c342e7a6c35a6b758653119f15457af
SHA1

7b7377a5a0f97219ef24b31096c74d43b0993aa8
SHA256

ed75c9ecd45eb487354abc0b40b4ea5c27cdc636cbbc07d55241a65cc3004efa
SHA512

1f2bb8d38ac3400868d3080714c128f396e457bd299edfd5ed2efc897b8b956cb09cd7a6e2583949c2c916f6cc3777b2d14faa60129f9ae0620812d1c2a3b2f0
SSDEEP

1536:I0Q89eYqqTn2Nnb6omC4rTqdPzpGSRuCscRaquHmjlBO+IkETvKEKLkzmj9:HiY+2o6rTqdPzpGSDrRaaBOhmEKzZ

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://116.122.158.195:8080/forum/viewtopic.php

http://siteseoguide.com:8080/forum/viewtopic.php

http://uksonlinedating.com:8080/forum/viewtopic.php

http://199.59.56.105:8080/forum/viewtopic.php

Attributes

payload_url
http://dinodel.de/as0vC.exe

http://www.mssdatamasters.com/U2iuT.exe

http://www.jwenba.de/X6HF4.exe

Targets

- Target
  
  6c342e7a6c35a6b758653119f15457af_JaffaCakes118
- Size
  
  91KB
- MD5
  
  6c342e7a6c35a6b758653119f15457af
- SHA1
  
  7b7377a5a0f97219ef24b31096c74d43b0993aa8
- SHA256
  
  ed75c9ecd45eb487354abc0b40b4ea5c27cdc636cbbc07d55241a65cc3004efa
- SHA512
  
  1f2bb8d38ac3400868d3080714c128f396e457bd299edfd5ed2efc897b8b956cb09cd7a6e2583949c2c916f6cc3777b2d14faa60129f9ae0620812d1c2a3b2f0
- SSDEEP
  
  1536:I0Q89eYqqTn2Nnb6omC4rTqdPzpGSRuCscRaquHmjlBO+IkETvKEKLkzmj9:HiY+2o6rTqdPzpGSDrRaaBOhmEKzZ
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2