pony | 1ce268d2071976f3172b67a1d51799ce8a16bb18ee6f4d4f4ee36a49d0e85e1b | Triage

Sharing

General

Target

JaffaCakes118_d2ac2c9d070241faea09f6b72cf08a30
Size

93KB
Sample

250119-zgtpyawjcj
MD5

d2ac2c9d070241faea09f6b72cf08a30
SHA1

c4075c3d7146346623dbbc43d5fdb7b0f9948d64
SHA256

1ce268d2071976f3172b67a1d51799ce8a16bb18ee6f4d4f4ee36a49d0e85e1b
SHA512

ab4b777693f1cac9f339c10be5606f721c2df49bf23a6d331119dc3ffe84e8cefb9cc857f8114b9ac1200547a736d1c938f41abb22cea8605d35b25a018b6002
SSDEEP

1536:0QUrqzriwZkrHzo/CArQST1gD3DEVQRb5qb7FwzevKgG4vOLvGBjd1rfeer687P:0ZrOrjZkPoqa4D3qmevt0Qjd1rfeyB

Score

10^/10

pony credential_access discovery rat spyware stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_d2ac2c9d070241faea09f6b72cf08a30
- Size
  
  93KB
- MD5
  
  d2ac2c9d070241faea09f6b72cf08a30
- SHA1
  
  c4075c3d7146346623dbbc43d5fdb7b0f9948d64
- SHA256
  
  1ce268d2071976f3172b67a1d51799ce8a16bb18ee6f4d4f4ee36a49d0e85e1b
- SHA512
  
  ab4b777693f1cac9f339c10be5606f721c2df49bf23a6d331119dc3ffe84e8cefb9cc857f8114b9ac1200547a736d1c938f41abb22cea8605d35b25a018b6002
- SSDEEP
  
  1536:0QUrqzriwZkrHzo/CArQST1gD3DEVQRb5qb7FwzevKgG4vOLvGBjd1rfeer687P:0ZrOrjZkPoqa4D3qmevt0Qjd1rfeyB
Score

10^/10

pony credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycredential_accessdiscoveryratspywarestealer

behavioral2

ponycredential_accessdiscoveryratspywarestealer