pony | 66ea60102431493c2ae3e4b0a243bdc3d65ee0930f44472bc907eb968a4a8b92 | Triage

Sharing

General

Target

ecb04ca0fcc22e80431eaf4dcb33ff6d_JaffaCakes118
Size

112KB
Sample

240920-c8swdsvbqh
MD5

ecb04ca0fcc22e80431eaf4dcb33ff6d
SHA1

080ccc5a15b951ba0ede5242d693a4f62b8f5e7d
SHA256

66ea60102431493c2ae3e4b0a243bdc3d65ee0930f44472bc907eb968a4a8b92
SHA512

3ff25b6af4be761c0ab54d47a7626d54369fb7c184e1de62cefaf4a892124181f45b6de5cc9ddb55684c068e3d129ec942dea63067a815365b82afe4db559d37
SSDEEP

1536:MrRMnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEIGkzZaO7Q:MroSnMuGc/CfZDap6COU45EIJaO7

Score

10^/10

pony discovery rat spyware stealer upx

Malware Config

Extracted

Family

pony

C2

http://162.144.195.33/~myvm2/wp-admin/images/panel/panel/gate.php

Attributes

payload_url
http://162.144.195.33/~myvm2/wp-admin/images/panel/panel/shit.exe

Targets

- Target
  
  ecb04ca0fcc22e80431eaf4dcb33ff6d_JaffaCakes118
- Size
  
  112KB
- MD5
  
  ecb04ca0fcc22e80431eaf4dcb33ff6d
- SHA1
  
  080ccc5a15b951ba0ede5242d693a4f62b8f5e7d
- SHA256
  
  66ea60102431493c2ae3e4b0a243bdc3d65ee0930f44472bc907eb968a4a8b92
- SHA512
  
  3ff25b6af4be761c0ab54d47a7626d54369fb7c184e1de62cefaf4a892124181f45b6de5cc9ddb55684c068e3d129ec942dea63067a815365b82afe4db559d37
- SSDEEP
  
  1536:MrRMnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEIGkzZaO7Q:MroSnMuGc/CfZDap6COU45EIJaO7
Score

10^/10

pony rat spyware stealer upx discovery
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponyratspywarestealerupx

behavioral2

ponydiscoveryratspywarestealerupx