pony | 72ebff0d4b6598adf2df43066ea2978b6dff93790ff58feba6f641b28e7797f6 | Triage

Sharing

General

Target

465795eff3c3dc3c9f98292a8f87c580_JaffaCakes118
Size

132KB
Sample

241015-hkypmavbpk
MD5

465795eff3c3dc3c9f98292a8f87c580
SHA1

2ac57e0fa40916152f7a629667bb66719afe7784
SHA256

72ebff0d4b6598adf2df43066ea2978b6dff93790ff58feba6f641b28e7797f6
SHA512

b6be8411bc7177aa44899a8e5fe02c145ce5622cca22b45cc0b9ab8a8ee53d25cc5a7e37518ce1cd73fc557df6d961b75c34e89aa006d6d56f07ad4858ad56b4
SSDEEP

3072:DfbmUkNmOJeUl9rvi3Cr2XTvyV8hY+E1GIP:jb/k7vrvwc2vymK+aP

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://199.192.203.142/forum/viewtopic.php

Attributes

payload_url
http://bobinlaminasyonmakinalari.com/o9RYHbCx.exe

http://broadbentcompany.wsisrdev.com/KbGb.exe

http://changethechip.com/gseRtv.exe

http://directoryplanet.com/v3nxm.exe

Targets

- Target
  
  465795eff3c3dc3c9f98292a8f87c580_JaffaCakes118
- Size
  
  132KB
- MD5
  
  465795eff3c3dc3c9f98292a8f87c580
- SHA1
  
  2ac57e0fa40916152f7a629667bb66719afe7784
- SHA256
  
  72ebff0d4b6598adf2df43066ea2978b6dff93790ff58feba6f641b28e7797f6
- SHA512
  
  b6be8411bc7177aa44899a8e5fe02c145ce5622cca22b45cc0b9ab8a8ee53d25cc5a7e37518ce1cd73fc557df6d961b75c34e89aa006d6d56f07ad4858ad56b4
- SSDEEP
  
  3072:DfbmUkNmOJeUl9rvi3Cr2XTvyV8hY+E1GIP:jb/k7vrvwc2vymK+aP
Score

10^/10

pony discovery rat spyware stealer
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer