pony | fc8f07a736210277e2b24484641b5b5b6931abbab7aa5753c937c0d40ce096df | Triage

Submit
Reports

Overview

overview

Static

static

3

03d6411aeb...18.exe

windows7-x64

03d6411aeb...18.exe

windows10-2004-x64

Sharing

General

Target

03d6411aeb14f553a7cc05eabebc37d3_JaffaCakes118
Size

50KB
Sample

241001-bc995axcne
MD5

03d6411aeb14f553a7cc05eabebc37d3
SHA1

967a48633bf59bc89b7d526b652e25705f1a633f
SHA256

fc8f07a736210277e2b24484641b5b5b6931abbab7aa5753c937c0d40ce096df
SHA512

216f7dc70ae5c174818862bf45b00146839c14f29873f6275b752e6e337d30d2bbdbad1ff481ba1c4e4daa27b23df9e74a72c87b8e1efd7a589bb46203f05f5a
SSDEEP

1536:p+pt3zNfsAd7ZZXbStvQ2w/GsQe6SXMK7d:p+3jf7XKvlwusQ2Xjd

Score

10^/10

pony discovery rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

03d6411aeb14f553a7cc05eabebc37d3_JaffaCakes118.exe

Resource

win7-20240903-en

pony discovery rat spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

03d6411aeb14f553a7cc05eabebc37d3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

pony discovery rat spyware stealer upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://127.0.0.1/p.php

Attributes

payload_url
http://pontocomercial.com.pt/api/default.exe

Targets

- Target
  
  03d6411aeb14f553a7cc05eabebc37d3_JaffaCakes118
- Size
  
  50KB
- MD5
  
  03d6411aeb14f553a7cc05eabebc37d3
- SHA1
  
  967a48633bf59bc89b7d526b652e25705f1a633f
- SHA256
  
  fc8f07a736210277e2b24484641b5b5b6931abbab7aa5753c937c0d40ce096df
- SHA512
  
  216f7dc70ae5c174818862bf45b00146839c14f29873f6275b752e6e337d30d2bbdbad1ff481ba1c4e4daa27b23df9e74a72c87b8e1efd7a589bb46203f05f5a
- SSDEEP
  
  1536:p+pt3zNfsAd7ZZXbStvQ2w/GsQe6SXMK7d:p+3jf7XKvlwusQ2Xjd
Score

10^/10

pony discovery rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealerupx

behavioral2

ponydiscoveryratspywarestealerupx

© 2018-2025

Terms | Privacy