pony | 178a95fbf68493fb68d9ad1e991bbb1f424b605b6d6936667ae043b2f00e5793

General

Target

178a95fbf68493fb68d9ad1e991bbb1f424b605b6d6936667ae043b2f00e5793.exe
Size

102KB
Sample

241202-sanf1syldy
MD5

bad5f1985ab1659c03cd973b8e20dce6
SHA1

994e0658a3fe355d0d8737e71472435693978286
SHA256

178a95fbf68493fb68d9ad1e991bbb1f424b605b6d6936667ae043b2f00e5793
SHA512

f76d6e66feacdf31b537aa7e9e8a857d35280a1bde6b0f28663ae0df8b90d49f66bb27edc5767ef791b9eb5f215207b5f818e939ad1588865f195b84ec7de325
SSDEEP

1536:zLKgcGTGv3jidXitUkFQIILQODrAppGXQN60GtOA4VxGfoypvcF+fOvka/a:XK+lSHFQIIcsA3MOA2GlvN5a/a

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://xhfdrtu.pw:4915/doc/black.php

http://xhfdrtu.pw:888/doc/black.php

Attributes

payload_url
http://mimedyf.pw:888/pic/Flash.exe

Targets

- Target
  
  178a95fbf68493fb68d9ad1e991bbb1f424b605b6d6936667ae043b2f00e5793.exe
- Size
  
  102KB
- MD5
  
  bad5f1985ab1659c03cd973b8e20dce6
- SHA1
  
  994e0658a3fe355d0d8737e71472435693978286
- SHA256
  
  178a95fbf68493fb68d9ad1e991bbb1f424b605b6d6936667ae043b2f00e5793
- SHA512
  
  f76d6e66feacdf31b537aa7e9e8a857d35280a1bde6b0f28663ae0df8b90d49f66bb27edc5767ef791b9eb5f215207b5f818e939ad1588865f195b84ec7de325
- SSDEEP
  
  1536:zLKgcGTGv3jidXitUkFQIILQODrAppGXQN60GtOA4VxGfoypvcF+fOvka/a:XK+lSHFQIIcsA3MOA2GlvN5a/a
Score

10^/10

pony collection credential_access defense_evasion discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2