pony | a2247035bcbf7a88dd353f0acfcdb9128e81985c17012b5e1a070fa2ef04b785 | Triage

Sharing

General

Target

9f9385d923a102a9fe60cc2bfcd8449a_JaffaCakes118
Size

93KB
Sample

241126-d2vxvayndm
MD5

9f9385d923a102a9fe60cc2bfcd8449a
SHA1

e5fc7ec7c56c04330c8129501e490563a804a82e
SHA256

a2247035bcbf7a88dd353f0acfcdb9128e81985c17012b5e1a070fa2ef04b785
SHA512

c4b653a258d38177bef352ea0b3433eef1c45b048e90fb3ecab5b45765efc7d3064a642a36f0f591703c07330d023cef30dadece00699ecc006790bb2eaaa363
SSDEEP

1536:qMHiW2BBcqMCcntjHNpIxpMH5MMpbvRdgWEdMcvIZwo3HAvXcEdpKDSXcF:qMH/cBKntjj8pIppvRdLEdLQZwgMMSpf

Score

10^/10

pony credential_access discovery rat spyware stealer

Malware Config

Targets

- Target
  
  9f9385d923a102a9fe60cc2bfcd8449a_JaffaCakes118
- Size
  
  93KB
- MD5
  
  9f9385d923a102a9fe60cc2bfcd8449a
- SHA1
  
  e5fc7ec7c56c04330c8129501e490563a804a82e
- SHA256
  
  a2247035bcbf7a88dd353f0acfcdb9128e81985c17012b5e1a070fa2ef04b785
- SHA512
  
  c4b653a258d38177bef352ea0b3433eef1c45b048e90fb3ecab5b45765efc7d3064a642a36f0f591703c07330d023cef30dadece00699ecc006790bb2eaaa363
- SSDEEP
  
  1536:qMHiW2BBcqMCcntjHNpIxpMH5MMpbvRdgWEdMcvIZwo3HAvXcEdpKDSXcF:qMH/cBKntjj8pIppvRdLEdLQZwgMMSpf
Score

10^/10

pony credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycredential_accessdiscoveryratspywarestealer

behavioral2

ponycredential_accessdiscoveryratspywarestealer