pony | 9391ff6acbcfac30c259a3e3448ff3e9f025ba3176451b7867a242be63a37c82

General

Target

103e41af98e72c5b357290fbc99dc798_JaffaCakes118
Size

252KB
Sample

241003-x6al9awdna
MD5

103e41af98e72c5b357290fbc99dc798
SHA1

26c229095dc3ac97634c3a6b581ce96d19295305
SHA256

9391ff6acbcfac30c259a3e3448ff3e9f025ba3176451b7867a242be63a37c82
SHA512

afd4793dd3efd3e27da039d95e2288e98312744b444b3cc4c50fdf5be0f4f1414df57dd98e7aeb70fc44aa0a6bc31c92758dd2a8dc4dc2f3ad53f0d595c3c847
SSDEEP

3072:/doAAx8vuAsNJUvRmwnQ/1y1gyXIWLdoAAx8vuAsNJUvRmwnQ/1y1gyXIW00F:6dkQJUvQe01yYWmdkQJUvQe01yYW08

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://5.smartsol.net/forum/viewtopic.php

http://5.turismohabitacaoacores.com/forum/viewtopic.php

Attributes

payload_url
http://rochanhouse.com/VMS.exe

http://pibbebedouro.com.br/YyCxRt.exe

http://www.as-you-likeit.co.uk/STPRvE6.exe

http://newgames2girls.com/4UNH.exe

http://kipadanceacademy.com/crvFb.exe

http://nesamithran.com/eBB.exe

http://william.one2.it/s74ZVST.exe

http://www.concreartrs.com.br/2joFkts3.exe

Targets

- Target
  
  103e41af98e72c5b357290fbc99dc798_JaffaCakes118
- Size
  
  252KB
- MD5
  
  103e41af98e72c5b357290fbc99dc798
- SHA1
  
  26c229095dc3ac97634c3a6b581ce96d19295305
- SHA256
  
  9391ff6acbcfac30c259a3e3448ff3e9f025ba3176451b7867a242be63a37c82
- SHA512
  
  afd4793dd3efd3e27da039d95e2288e98312744b444b3cc4c50fdf5be0f4f1414df57dd98e7aeb70fc44aa0a6bc31c92758dd2a8dc4dc2f3ad53f0d595c3c847
- SSDEEP
  
  3072:/doAAx8vuAsNJUvRmwnQ/1y1gyXIWLdoAAx8vuAsNJUvRmwnQ/1y1gyXIW00F:6dkQJUvQe01yYWmdkQJUvQe01yYW08
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2