pony | e2338ed399a109ecd1c4e1a1bf0d0e9086645a267f791b3d9ae72a0ad40e6835 | Triage

Sharing

General

Target

e20e68f352c163066c15e6f2ee4470c3_JaffaCakes118
Size

229KB
Sample

241211-snkbhssmcq
MD5

e20e68f352c163066c15e6f2ee4470c3
SHA1

c624cd08c4e0e8432fcc857c4f52096a65034518
SHA256

e2338ed399a109ecd1c4e1a1bf0d0e9086645a267f791b3d9ae72a0ad40e6835
SHA512

f92187d35664f09987070e6ce215fea61e03ec82045b29e118ff55099bc7611cd72436cd85858421fd83e2ff7b0b9a4f99da153c33b828327f201bc3e26699d5
SSDEEP

3072:3LoDAkjFU/Uw1ND84rrHn+ZoKELE764r489z30dU:767jFCPD84rrH+II7Brj9

Score

10^/10

pony collection credential_access discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://203.250.68.191:8080/forum/viewtopic.php

http://213.155.112.88:8080/forum/viewtopic.php

Attributes

payload_url
http://westbids.net/QQr7.exe

http://vermikompostovani.cz/NcxLL.exe

http://ecotec.fr/NVCzs.exe

Targets

- Target
  
  e20e68f352c163066c15e6f2ee4470c3_JaffaCakes118
- Size
  
  229KB
- MD5
  
  e20e68f352c163066c15e6f2ee4470c3
- SHA1
  
  c624cd08c4e0e8432fcc857c4f52096a65034518
- SHA256
  
  e2338ed399a109ecd1c4e1a1bf0d0e9086645a267f791b3d9ae72a0ad40e6835
- SHA512
  
  f92187d35664f09987070e6ce215fea61e03ec82045b29e118ff55099bc7611cd72436cd85858421fd83e2ff7b0b9a4f99da153c33b828327f201bc3e26699d5
- SSDEEP
  
  3072:3LoDAkjFU/Uw1ND84rrHn+ZoKELE764r489z30dU:767jFCPD84rrH+II7Brj9
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealer

behavioral2

ponycollectioncredential_accessdiscoveryratspywarestealer