pony | 53d38d5ebef7db0fd36023453d028419b7ee03f6896e793a8228b20d5da5a2ef | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...20.exe

windows7-x64

JaffaCakes...20.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_7b93c55b1af0c62ab7ee3370c69ec920
Size

542KB
Sample

250104-y4634svrgt
MD5

7b93c55b1af0c62ab7ee3370c69ec920
SHA1

aca3ddc65855cec5c61e6a2ec72e6388817d17b6
SHA256

53d38d5ebef7db0fd36023453d028419b7ee03f6896e793a8228b20d5da5a2ef
SHA512

315e6e87d2c125a26f86c5c72847492905056cbebe4cfb22f94a3c1e498fc47aa78dce759efb73cf1381d7eac21ddb9d6dcc98131842cb16f1d7a6e27e29cccd
SSDEEP

3072:Y3FPo4wMMv7A8/HaVuYeHHvWM/EOh7xWN9T7xWN9hqabvHlnfnbn0XpCbMIgjGwB:Y3Vo4udnHHvv8OC4b8vJSaK/e+Fj8RX

Score

10^/10

pony collection credential_access discovery rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_7b93c55b1af0c62ab7ee3370c69ec920.exe

Resource

win7-20240903-en

pony collection credential_access discovery rat spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_7b93c55b1af0c62ab7ee3370c69ec920.exe

Resource

win10v2004-20241007-en

pony collection credential_access discovery rat spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

pony

C2

http://bsluae.co/anak/Panel/gate.php

http://www.bsluae.co/anak/Panel/gate.php

Targets

- Target
  
  JaffaCakes118_7b93c55b1af0c62ab7ee3370c69ec920
- Size
  
  542KB
- MD5
  
  7b93c55b1af0c62ab7ee3370c69ec920
- SHA1
  
  aca3ddc65855cec5c61e6a2ec72e6388817d17b6
- SHA256
  
  53d38d5ebef7db0fd36023453d028419b7ee03f6896e793a8228b20d5da5a2ef
- SHA512
  
  315e6e87d2c125a26f86c5c72847492905056cbebe4cfb22f94a3c1e498fc47aa78dce759efb73cf1381d7eac21ddb9d6dcc98131842cb16f1d7a6e27e29cccd
- SSDEEP
  
  3072:Y3FPo4wMMv7A8/HaVuYeHHvWM/EOh7xWN9T7xWN9hqabvHlnfnbn0XpCbMIgjGwB:Y3Vo4udnHHvv8OC4b8vJSaK/e+Fj8RX
Score

10^/10

pony collection credential_access discovery rat spyware stealer upx
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycollectioncredential_accessdiscoveryratspywarestealerupx

behavioral2

ponycollectioncredential_accessdiscoveryratspywarestealerupx

© 2018-2025

Terms | Privacy