pony | 8f85f5216d69445f9928e79dc520eb2f1b7a3067d4fd800c524235d5ca344edd | Triage

Sharing

General

Target

f015d66d261005b5cf2b6e9e02bdb796_JaffaCakes118
Size

137KB
Sample

240921-staz2azcqr
MD5

f015d66d261005b5cf2b6e9e02bdb796
SHA1

8e4eebc34108a65bc5d705e939d9f011318d1985
SHA256

8f85f5216d69445f9928e79dc520eb2f1b7a3067d4fd800c524235d5ca344edd
SHA512

1fc34f0d71641fdbb0e41d77d45e773b9e6fb4714bdc47923620b44b29b91b71746c902e6e18224d61530150407e724a642ebd9cc460bc293991937769551b64
SSDEEP

3072:UyLhtUlHAnBYOEHEbAuqAwI80WMbKLfLlZh/m4:UOUlgnaBEczr0aLDN/p

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://www.alberghi.com:8080/pony/gate.php

http://buyandsmile.atomclick.co:8080/pony/gate.php

Attributes

payload_url
http://ftp.eburneenne.com/7zBY7xS.exe

http://www.spetter.com/mi19YgV.exe

http://photosfoto.com/uTM.exe

http://www.daginternacional.com/trXe.exe

Targets

- Target
  
  f015d66d261005b5cf2b6e9e02bdb796_JaffaCakes118
- Size
  
  137KB
- MD5
  
  f015d66d261005b5cf2b6e9e02bdb796
- SHA1
  
  8e4eebc34108a65bc5d705e939d9f011318d1985
- SHA256
  
  8f85f5216d69445f9928e79dc520eb2f1b7a3067d4fd800c524235d5ca344edd
- SHA512
  
  1fc34f0d71641fdbb0e41d77d45e773b9e6fb4714bdc47923620b44b29b91b71746c902e6e18224d61530150407e724a642ebd9cc460bc293991937769551b64
- SSDEEP
  
  3072:UyLhtUlHAnBYOEHEbAuqAwI80WMbKLfLlZh/m4:UOUlgnaBEczr0aLDN/p
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer