pony | 9ff9ef28896bff46e8439b8a9b257fc396d31b8eb07f9a61753b9d9a37e87822 | Triage

Sharing

General

Target

be313a53e96e1b17b88908a39482920e_JaffaCakes118
Size

99KB
Sample

241203-tnp3fasngz
MD5

be313a53e96e1b17b88908a39482920e
SHA1

f0c07a7b64b112b45ab41b9d2c2e2456340480b9
SHA256

9ff9ef28896bff46e8439b8a9b257fc396d31b8eb07f9a61753b9d9a37e87822
SHA512

1ecaf5a0515d8b31faaf27c139328d2b684958f2b8dd8e4047809cad98776f10be14be9a9a2345158d821194c8021f97eb4bbe1093705da698b57b75362ced48
SSDEEP

1536:3jAhGD2ijgORNMmTY8gltBEBfIpTNF7lkiz2Ip1WAmkdgBNo:XbjgWdY8gfyyTr6iSy1jDW

Score

10^/10

pony collection credential_access discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

- Target
  
  be313a53e96e1b17b88908a39482920e_JaffaCakes118
- Size
  
  99KB
- MD5
  
  be313a53e96e1b17b88908a39482920e
- SHA1
  
  f0c07a7b64b112b45ab41b9d2c2e2456340480b9
- SHA256
  
  9ff9ef28896bff46e8439b8a9b257fc396d31b8eb07f9a61753b9d9a37e87822
- SHA512
  
  1ecaf5a0515d8b31faaf27c139328d2b684958f2b8dd8e4047809cad98776f10be14be9a9a2345158d821194c8021f97eb4bbe1093705da698b57b75362ced48
- SSDEEP
  
  1536:3jAhGD2ijgORNMmTY8gltBEBfIpTNF7lkiz2Ip1WAmkdgBNo:XbjgWdY8gfyyTr6iSy1jDW
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealer

behavioral2