pony | c73930e9c55cb3b560de4c46fd8d2db976f02b736ca227ae09eacfd3301661a3 | Triage

Sharing

General

Target

8440691b61d3b63ceab811d23d0343df_JaffaCakes118
Size

128KB
Sample

241101-h1jweayejk
MD5

8440691b61d3b63ceab811d23d0343df
SHA1

34296f8690bec5e707b9e3d4c4aed3e0c7acb5f3
SHA256

c73930e9c55cb3b560de4c46fd8d2db976f02b736ca227ae09eacfd3301661a3
SHA512

5ca57340d4ce65da6c6e83db7d73a8ae29ee032b2a75e6670f9eeb6a1d22b0275e20efd706c8f390a72adccba68a82fc77f017c99e381c2069465c4083f12f9d
SSDEEP

3072:uGHi6mwdfyGLCNpW6ZCNRXUPw8+4OYoG49AJq:+Wf6NpW6ZCv8+nG4m

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://216.231.139.111/forum/viewtopic.php

Attributes

payload_url
http://sigarra17.altervista.org/1C3.exe

http://codglobal.com/9WsB.exe

http://edpromagna.zeronove.it/pUR.exe

Targets

- Target
  
  8440691b61d3b63ceab811d23d0343df_JaffaCakes118
- Size
  
  128KB
- MD5
  
  8440691b61d3b63ceab811d23d0343df
- SHA1
  
  34296f8690bec5e707b9e3d4c4aed3e0c7acb5f3
- SHA256
  
  c73930e9c55cb3b560de4c46fd8d2db976f02b736ca227ae09eacfd3301661a3
- SHA512
  
  5ca57340d4ce65da6c6e83db7d73a8ae29ee032b2a75e6670f9eeb6a1d22b0275e20efd706c8f390a72adccba68a82fc77f017c99e381c2069465c4083f12f9d
- SSDEEP
  
  3072:uGHi6mwdfyGLCNpW6ZCNRXUPw8+4OYoG49AJq:+Wf6NpW6ZCv8+nG4m
Score

10^/10

pony discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer