pony | 72534f7773e61881992b7cdc3e9c684592bf3d427e8253c93dd4586e2d71b55e | Triage

Submit
Reports

Overview

overview

Static

static

3

P.O#171763...RE.exe

windows7-x64

P.O#171763...RE.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_61a88cc63023d2caa736367e79419330
Size

465KB
Sample

250102-a6qbdawlgn
MD5

61a88cc63023d2caa736367e79419330
SHA1

21526ebe84d0adfd93c389e5644c6ab7010f87bf
SHA256

72534f7773e61881992b7cdc3e9c684592bf3d427e8253c93dd4586e2d71b55e
SHA512

3bec818aeba1f116f6860ea325c6d1cc09ee335344362bfd7954d28d85190979dee96285a6841e512c609d9922cc81f481b810b4529e6eb708bcf64170b313bd
SSDEEP

12288:Al1V2SngrL2WIOtdGaFOJ9dwAE105tUdCxHHHfiyJsP0i:A7V3neIPJ9+AVHflsMi

Score

10^/10

pony collection credential_access discovery rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

P.O#171763403583 ORDER SZOETISW KARAMEN SINGAPORE.exe

Resource

win7-20240903-en

pony collection credential_access discovery rat spyware stealer upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

P.O#171763403583 ORDER SZOETISW KARAMEN SINGAPORE.exe

Resource

win10v2004-20241007-en

pony collection credential_access discovery rat spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://xbox.esy.es/1/1/gate.php

Targets

- Target
  
  P.O#171763403583 ORDER SZOETISW KARAMEN SINGAPORE.exe
- Size
  
  480KB
- MD5
  
  b60aaec8cefcdb511c0437a4649e85b5
- SHA1
  
  d5ee815a3157ced4e591d3b138230834d3f5803a
- SHA256
  
  2cbb91ba2eae3954fefec5619fa6d25c33acfa229e1f3109d27a28b9288d9582
- SHA512
  
  bcf86d47fbfa51a9c508c44b512c7838408f951ae7cc8caeee73855797bb5031c2663e47d390f51111f8f1cd5cc087ed6c3e5f8c768df5ac8178c072823e833c
- SSDEEP
  
  12288:WC8hMjt9NrgD2Q9/xMkNDwyRh4y5cPpauCs:W3hMRvMSQzM0DOocPw
Score

10^/10

pony collection credential_access discovery rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealerupx

behavioral2

ponycollectioncredential_accessdiscoveryratspywarestealerupx

© 2018-2025

Terms | Privacy