pony | d4f6f273af21aed65fb56054ba7734dd8b3f541c60e59a62eaa833f9c905d0d7

General

Target

fb3cfb3f79c09b80096d2306d332dd66_JaffaCakes118
Size

65KB
Sample

241218-mwvjkawjcv
MD5

fb3cfb3f79c09b80096d2306d332dd66
SHA1

c2d9436c6db861eb44784da94be666d65fcaf535
SHA256

d4f6f273af21aed65fb56054ba7734dd8b3f541c60e59a62eaa833f9c905d0d7
SHA512

2c2d55281d74f32f295203a14882f29c90cf6b2d636dacb2ff679e6446b8d927f9ffc39ab9748683e2272e77727fdc2cb29d38c61cd76ff37505b501c9571131
SSDEEP

1536:HcbGnFm0Es5jIZwd7mZulETuiy2rUtNuA/MFYBjSSqfL:H19EsVdqnKi7UTuw0UjiL

Score

10^/10

Malware Config

Extracted

Family

pony

C2

http://kioggfa.info:9135/pic/fly.php

http://jmpwjhu.info:9135/pic/fly.php

Targets

- Target
  
  fb3cfb3f79c09b80096d2306d332dd66_JaffaCakes118
- Size
  
  65KB
- MD5
  
  fb3cfb3f79c09b80096d2306d332dd66
- SHA1
  
  c2d9436c6db861eb44784da94be666d65fcaf535
- SHA256
  
  d4f6f273af21aed65fb56054ba7734dd8b3f541c60e59a62eaa833f9c905d0d7
- SHA512
  
  2c2d55281d74f32f295203a14882f29c90cf6b2d636dacb2ff679e6446b8d927f9ffc39ab9748683e2272e77727fdc2cb29d38c61cd76ff37505b501c9571131
- SSDEEP
  
  1536:HcbGnFm0Es5jIZwd7mZulETuiy2rUtNuA/MFYBjSSqfL:H19EsVdqnKi7UTuw0UjiL
Score

10^/10

pony collection credential_access defense_evasion discovery rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2