pony | 123a6356b5fd47aa7503fa84c19665973d66ccbdbc809a29acc6ca88b0c30333 | Triage

Sharing

General

Target

JaffaCakes118_9adf2ae0d2da2a377fd92612ba4f08bb
Size

134KB
Sample

250405-r5d1dssns8
MD5

9adf2ae0d2da2a377fd92612ba4f08bb
SHA1

8e4203479c9ffecfc9abc5f15d04e6b908ab789c
SHA256

123a6356b5fd47aa7503fa84c19665973d66ccbdbc809a29acc6ca88b0c30333
SHA512

ad00654f3040988a647569f27243e8f42992a43eefb78aabdf46b36be00e9c5ab983ceb2c22444b27c1f530297784a526404df3d95767b5363283ef227d7df91
SSDEEP

3072:JAtEhw1GBcMc0ToVAD6moAiZkj2Xa7U1qQ:utCwcjc01y4yCQ

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://momus.com.tw:8080/pony/gate.php

http://66.175.216.69/pony/gate.php

Attributes

payload_url
http://benihikanjogja.com/DxexAW1.exe

http://viveroparadiso.com.ar/NSyf.exe

http://www.jeveuxepargner.net/ab3GM.exe

Targets

- Target
  
  JaffaCakes118_9adf2ae0d2da2a377fd92612ba4f08bb
- Size
  
  134KB
- MD5
  
  9adf2ae0d2da2a377fd92612ba4f08bb
- SHA1
  
  8e4203479c9ffecfc9abc5f15d04e6b908ab789c
- SHA256
  
  123a6356b5fd47aa7503fa84c19665973d66ccbdbc809a29acc6ca88b0c30333
- SHA512
  
  ad00654f3040988a647569f27243e8f42992a43eefb78aabdf46b36be00e9c5ab983ceb2c22444b27c1f530297784a526404df3d95767b5363283ef227d7df91
- SSDEEP
  
  3072:JAtEhw1GBcMc0ToVAD6moAiZkj2Xa7U1qQ:utCwcjc01y4yCQ
Score

10^/10

pony discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer