pony | 685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac | Triage

Submit
Reports

Overview

overview

Static

static

8

685630bc62...ac.doc

windows7-x64

685630bc62...ac.doc

windows10-2004-x64

4

Sharing

General

Target

685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac
Size

250KB
Sample

241215-1lk42azmek
MD5

5fd8c0a425255c3eb8972a3e2d5ad810
SHA1

fbc67cb81231a53bb9fef7b4c2e92d5c670b9625
SHA256

685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac
SHA512

4acc1138e1b1c04bc20a35871d72c5838e0ca5af75b6e435fd6e304e3dd40ba0fa6a7a4b9ae96aec4318c6cb327f416b83bdf1c24b6a713dd4a2f2eb5da48720
SSDEEP

3072:1VIf+rqpDAoBxgfWsopbVTd5E8SNolOW1NN2e08CeVA4Rjt:1VIfEMDAoBxHpZ08SEjtZ

Score

10^/10

pony collection credential_access defense_evasion discovery macro macro_on_action rat spyware stealer

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac.doc

Resource

win7-20240903-en

pony collection credential_access discovery rat spyware stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac.doc

Resource

win10v2004-20241007-en

defense_evasion

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://beheutsi.ru/gate.php

http://fievenghapun.ru/gate.php

http://juskinsandfo.ru/gate.php

Attributes

payload_url
http://gourmet.pergaz.com/media/system/host.exe

http://yeebay.co/media/system/host.exe

http://hungphatea.com.au/media/system/host.exe

Targets

- Target
  
  685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac
- Size
  
  250KB
- MD5
  
  5fd8c0a425255c3eb8972a3e2d5ad810
- SHA1
  
  fbc67cb81231a53bb9fef7b4c2e92d5c670b9625
- SHA256
  
  685630bc62de6b7700f0370419e102fed425f60e764c2a76473336a0f6f2c7ac
- SHA512
  
  4acc1138e1b1c04bc20a35871d72c5838e0ca5af75b6e435fd6e304e3dd40ba0fa6a7a4b9ae96aec4318c6cb327f416b83bdf1c24b6a713dd4a2f2eb5da48720
- SSDEEP
  
  3072:1VIf+rqpDAoBxgfWsopbVTd5E8SNolOW1NN2e08CeVA4Rjt:1VIfEMDAoBxHpZ08SEjtZ
Score

10^/10

pony collection credential_access discovery rat spyware stealer defense_evasion
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealer

behavioral2

defense_evasion

© 2018-2025

Terms | Privacy