pony | 4f933abd897e5366bbb8c3d34cfe0b002cae94c36fd0af3d06297482b2d52b4e

General

Target

b77d3109371f927ef61f9e3e1b36e670_JaffaCakes118
Size

95KB
Sample

241202-h9fkca1jhk
MD5

b77d3109371f927ef61f9e3e1b36e670
SHA1

753a386bebe1fa4b2286c17a571c808f0b3eb263
SHA256

4f933abd897e5366bbb8c3d34cfe0b002cae94c36fd0af3d06297482b2d52b4e
SHA512

f1a099c6422eb727efb79badcbd38338d37565b703a33e30801ebc33cf659906c3f2d1c74b7ae48e8e96b9a1449c219dffe153407c4eef80edad311e166e7d5d
SSDEEP

1536:nNEtQrCwzs6yO+s8iiUExoM/ygXNRxkusQRDV0sK1MbFUJno:nNPCwzDyFs8iyoM6gX5YQRB0sjad

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://mtfksui.pw:4915/way/like.php

http://ghkeoud.pw:4915/way/like.php

Targets

- Target
  
  b77d3109371f927ef61f9e3e1b36e670_JaffaCakes118
- Size
  
  95KB
- MD5
  
  b77d3109371f927ef61f9e3e1b36e670
- SHA1
  
  753a386bebe1fa4b2286c17a571c808f0b3eb263
- SHA256
  
  4f933abd897e5366bbb8c3d34cfe0b002cae94c36fd0af3d06297482b2d52b4e
- SHA512
  
  f1a099c6422eb727efb79badcbd38338d37565b703a33e30801ebc33cf659906c3f2d1c74b7ae48e8e96b9a1449c219dffe153407c4eef80edad311e166e7d5d
- SSDEEP
  
  1536:nNEtQrCwzs6yO+s8iiUExoM/ygXNRxkusQRDV0sK1MbFUJno:nNPCwzDyFs8iyoM6gX5YQRB0sjad
Score

10^/10

pony collection credential_access defense_evasion discovery rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2