pony | 54a58615e0977195fb3437c2b0137c53b062e6fb2476ec88aa9ca1c4215242f5 | Triage

Sharing

General

Target

d78cbdcefa7727d160b346755de16694_JaffaCakes118
Size

146KB
Sample

240910-ef7j7axcmh
MD5

d78cbdcefa7727d160b346755de16694
SHA1

cbe5e2e1efb3f79912ed36e9698bfc099b8fc156
SHA256

54a58615e0977195fb3437c2b0137c53b062e6fb2476ec88aa9ca1c4215242f5
SHA512

376d836aa49681d29a7c2a371a3ff19e8a8e41008df5e02330f2eed359a9bb90f3bb34c05169c5a690b2f6e14bc76ad80339458e9f42a980f3ddcb27529224bb
SSDEEP

3072:9JalUDeCLq3TTD0Tv05Cf4EmZlAckdCAqacExhnLsVHruk:6FP3TbG4TlxkdVtLst

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://66.55.89.148:8080/forum/viewtopic.php

http://66.55.89.149:8080/forum/viewtopic.php

Attributes

payload_url
http://www.komzedo.com.ba/oEj.exe

http://agradealuminium.com.au/JiKi.exe

http://elektrabukacek.cz/hs9HBpbT.exe

Targets

- Target
  
  d78cbdcefa7727d160b346755de16694_JaffaCakes118
- Size
  
  146KB
- MD5
  
  d78cbdcefa7727d160b346755de16694
- SHA1
  
  cbe5e2e1efb3f79912ed36e9698bfc099b8fc156
- SHA256
  
  54a58615e0977195fb3437c2b0137c53b062e6fb2476ec88aa9ca1c4215242f5
- SHA512
  
  376d836aa49681d29a7c2a371a3ff19e8a8e41008df5e02330f2eed359a9bb90f3bb34c05169c5a690b2f6e14bc76ad80339458e9f42a980f3ddcb27529224bb
- SSDEEP
  
  3072:9JalUDeCLq3TTD0Tv05Cf4EmZlAckdCAqacExhnLsVHruk:6FP3TbG4TlxkdVtLst
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer