pony | b29f3b1eee8bdfc3d18c563ea7b6a768f4d0a3a1b42420e6ed2a75c8eb6242cb

General

Target

c17d721799ab9d8bdec0ba3ba6e0b5b1_JaffaCakes118
Size

83KB
Sample

241204-jcsdbasreq
MD5

c17d721799ab9d8bdec0ba3ba6e0b5b1
SHA1

1beec935c880fe1ccb6aa0ac939b8fc672dd0e6a
SHA256

b29f3b1eee8bdfc3d18c563ea7b6a768f4d0a3a1b42420e6ed2a75c8eb6242cb
SHA512

5962b036cfd86c5947e8f52a97a7f5741bd651185395f46f022a25c43cb7ef6ca5f6020e9c38cb2c2e209a67693746222573124529c0181d2f11b068097bbd25
SSDEEP

1536:BA5+83jL+Nsz7aZ7FEY+9z6bV+UKcp6jSIFQom0oPDPKpA9bccXJVWTFw:BA5+/Nce7+MUnTnFQom0I0JcXJt

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://crytili.info:1654/ero.php

http://fypse2u.info:1654/ero.php

Targets

- Target
  
  c17d721799ab9d8bdec0ba3ba6e0b5b1_JaffaCakes118
- Size
  
  83KB
- MD5
  
  c17d721799ab9d8bdec0ba3ba6e0b5b1
- SHA1
  
  1beec935c880fe1ccb6aa0ac939b8fc672dd0e6a
- SHA256
  
  b29f3b1eee8bdfc3d18c563ea7b6a768f4d0a3a1b42420e6ed2a75c8eb6242cb
- SHA512
  
  5962b036cfd86c5947e8f52a97a7f5741bd651185395f46f022a25c43cb7ef6ca5f6020e9c38cb2c2e209a67693746222573124529c0181d2f11b068097bbd25
- SSDEEP
  
  1536:BA5+83jL+Nsz7aZ7FEY+9z6bV+UKcp6jSIFQom0oPDPKpA9bccXJVWTFw:BA5+/Nce7+MUnTnFQom0I0JcXJt
Score

10^/10

pony credential_access defense_evasion discovery persistence rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2