pony | dbb7bd63f4a28471afa932c5469be56a4581b7b5c2962b39ff4e6bc1995addfe

General

Target

73cb2d12f37086071c08f340e666b2a9_JaffaCakes118
Size

60KB
Sample

241024-pytfdswfmc
MD5

73cb2d12f37086071c08f340e666b2a9
SHA1

bd5a0bd73512e74b4f4d59070ba59f4a3925ed81
SHA256

dbb7bd63f4a28471afa932c5469be56a4581b7b5c2962b39ff4e6bc1995addfe
SHA512

0184fcc624c6bea3d508fb40f77c4a18af43f694183e51df02692bb8e6498a27e7e34450728ce1fffdac590ceb61b83f0dec3bfca892c5ae38e68fc25af1e986
SSDEEP

1536:6gK2fzq+5hRpfv+7IwIUXp2+uAvyh97N/CtfNXUWSVOTdLo7Qj:6wLwIUXJuAvZvEWwMEQ

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://laxidline.info:9135/fly.php

Targets

- Target
  
  73cb2d12f37086071c08f340e666b2a9_JaffaCakes118
- Size
  
  60KB
- MD5
  
  73cb2d12f37086071c08f340e666b2a9
- SHA1
  
  bd5a0bd73512e74b4f4d59070ba59f4a3925ed81
- SHA256
  
  dbb7bd63f4a28471afa932c5469be56a4581b7b5c2962b39ff4e6bc1995addfe
- SHA512
  
  0184fcc624c6bea3d508fb40f77c4a18af43f694183e51df02692bb8e6498a27e7e34450728ce1fffdac590ceb61b83f0dec3bfca892c5ae38e68fc25af1e986
- SSDEEP
  
  1536:6gK2fzq+5hRpfv+7IwIUXp2+uAvyh97N/CtfNXUWSVOTdLo7Qj:6wLwIUXJuAvZvEWwMEQ
Score

10^/10

pony credential_access defense_evasion discovery persistence rat spyware stealer upx
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2