pony | 124be5d975b62e7d6bd2b9bb3d0b0b81d424fe4653cadd0a06df0a9b71e31796 | Triage

Submit
Reports

Overview

overview

Static

static

3

Scan_0185-pdf.exe

windows7-x64

Scan_0185-pdf.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_0720751bfd183a19f8239485dbe82f10
Size

110KB
Sample

241231-gd8etazraw
MD5

0720751bfd183a19f8239485dbe82f10
SHA1

63788cdac64991e5386f0aefe1b6728be4db2c59
SHA256

124be5d975b62e7d6bd2b9bb3d0b0b81d424fe4653cadd0a06df0a9b71e31796
SHA512

ff9f5e45b2762f92d5f58b2766da800a29ab3e152fd35c241e3cec9a0bc1b29269b03dd76a08aac070e1d70de9d82d28b434217056101c313474d300d6d713ea
SSDEEP

3072:l/GU5IZYesG9WzWj322IQTYVBwGHF3Fbb:75IvsGtG46BZHFVbb

Score

10^/10

pony collection credential_access discovery rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Scan_0185-pdf.exe

Resource

win7-20240903-en

pony collection credential_access discovery rat spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Scan_0185-pdf.exe

Resource

win10v2004-20241007-en

pony collection credential_access discovery rat spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://muzukashibrashinki.net/sli99x/gate.php

Targets

- Target
  
  Scan_0185-pdf.exe
- Size
  
  337KB
- MD5
  
  fafc3aa1d8d7a2e4500797fa720f4853
- SHA1
  
  bd61aa8ac1654204dc8ee3cc94cc1db734271149
- SHA256
  
  f50e05d249dfed303937a41961a8f616fa73542e4b07b4cc1973256ba76ad343
- SHA512
  
  05c724750d59c9f2423ad7b42abf1453a8c9db7bb7b0090fcd43e1aa1ccef97d96c09a15af53e8e8605fef8b5cf0edcdba1f553adc56237ca94cbd176db30a75
- SSDEEP
  
  3072:QLJTYbdY/AWNpCG9WnZUx4CGgGEYVBkkyZwVAnMP:JGgZUx4CTGZBttZ
Score

10^/10

pony collection credential_access discovery rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealerupx

behavioral2

ponycollectioncredential_accessdiscoveryratspywarestealerupx

© 2018-2025

Terms | Privacy