pony | 4a201703f2344baed15926e45960c44175c4a844e1f4d3ed355b147e00543105 | Triage

Sharing

General

Target

JaffaCakes118_36255c00f82c49aac977fdc55fc1976c
Size

132KB
Sample

250126-rcc8dstjcy
MD5

36255c00f82c49aac977fdc55fc1976c
SHA1

088438bc46e053987e1ac2a3bd87833b6bf6d29b
SHA256

4a201703f2344baed15926e45960c44175c4a844e1f4d3ed355b147e00543105
SHA512

a1eb950c8272f75ecb140f0b387ec00ee5aa5b02858136241f83128e452b1ae63fc62e657ef6197c488f304e2979f0d554de5c88a2d31412d7c154f9bc3a3d5c
SSDEEP

1536:DfbmUgeUtHmOC6ScpLh4hFLhad70mtAbLnXQ1l7s1Vgjv1r3J/HjYU5Uzv6gcYt2:DfbmUkNmOJSo6FQ1kXQ3Q2/DJ5Ujj3P

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://66.175.215.72/forum/viewtopic.php

Attributes

payload_url
http://realitycoaching.es/pm3Wi2bw.exe

http://fuszerboltom.hu/Nzg.exe

Targets

- Target
  
  JaffaCakes118_36255c00f82c49aac977fdc55fc1976c
- Size
  
  132KB
- MD5
  
  36255c00f82c49aac977fdc55fc1976c
- SHA1
  
  088438bc46e053987e1ac2a3bd87833b6bf6d29b
- SHA256
  
  4a201703f2344baed15926e45960c44175c4a844e1f4d3ed355b147e00543105
- SHA512
  
  a1eb950c8272f75ecb140f0b387ec00ee5aa5b02858136241f83128e452b1ae63fc62e657ef6197c488f304e2979f0d554de5c88a2d31412d7c154f9bc3a3d5c
- SSDEEP
  
  1536:DfbmUgeUtHmOC6ScpLh4hFLhad70mtAbLnXQ1l7s1Vgjv1r3J/HjYU5Uzv6gcYt2:DfbmUkNmOJSo6FQ1kXQ3Q2/DJ5Ujj3P
Score

10^/10

pony discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer

behavioral2

ponydiscoveryratspywarestealer