pony | f74015c51b7d8d18a0b1b28b836dfc23713db08807f356c17225ca13a92c63a3 | Triage

Sharing

General

Target

JaffaCakes118_7a4656b19dd43c727f23f45e92e2201f
Size

110KB
Sample

250104-r5k4pswnbk
MD5

7a4656b19dd43c727f23f45e92e2201f
SHA1

178938f4384b65d4eac05f98e9831b3f67661f66
SHA256

f74015c51b7d8d18a0b1b28b836dfc23713db08807f356c17225ca13a92c63a3
SHA512

45b60e54ce8b559a0332af74f4466f62c325d09d68e5ff0c51ba11ab915fed398e5a2b86bf82a7f9000eb063df10fe054ae46db15f9b55bff8b0085b57bd4755
SSDEEP

3072:Bg6FP6sFCR55hdnv/9UK3F3vbeeNrU5ztEKLYQPpBK:BtF1FCVLnv/DBva0rQE6HP

Score

10^/10

pony collection credential_access discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://filmaka.info/forum/viewtopic.php

http://filmaka.org/forum/viewtopic.php

http://filmaka.us/forum/viewtopic.php

http://filmmaka.com/forum/viewtopic.php

Attributes

payload_url
http://akroncantonhalloween.com/ydTQ.exe

http://attorneymcbride.com/ftQb.exe

http://www.gungeartogo.socialpacific.com/z3X.exe

http://66.71.156.136/GFY2.exe

Targets

- Target
  
  JaffaCakes118_7a4656b19dd43c727f23f45e92e2201f
- Size
  
  110KB
- MD5
  
  7a4656b19dd43c727f23f45e92e2201f
- SHA1
  
  178938f4384b65d4eac05f98e9831b3f67661f66
- SHA256
  
  f74015c51b7d8d18a0b1b28b836dfc23713db08807f356c17225ca13a92c63a3
- SHA512
  
  45b60e54ce8b559a0332af74f4466f62c325d09d68e5ff0c51ba11ab915fed398e5a2b86bf82a7f9000eb063df10fe054ae46db15f9b55bff8b0085b57bd4755
- SSDEEP
  
  3072:Bg6FP6sFCR55hdnv/9UK3F3vbeeNrU5ztEKLYQPpBK:BtF1FCVLnv/DBva0rQE6HP
Score

10^/10

pony collection credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealer

behavioral2

ponycollectioncredential_accessdiscoveryratspywarestealer