pony | c4a9b0903381032d06cca09d1c5a94cb162b54f894f0e759c1b3fff655ca9a18 | Triage

Sharing

General

Target

JaffaCakes118_a3d37c911eb685d5b148cd0c60cb6f70
Size

138KB
Sample

250409-h318gaszht
MD5

a3d37c911eb685d5b148cd0c60cb6f70
SHA1

8ae7de7a1545a1ab1efe4a5c2cb908fc0c05240a
SHA256

c4a9b0903381032d06cca09d1c5a94cb162b54f894f0e759c1b3fff655ca9a18
SHA512

d06edd987d04633584699de3579f1947d8a97ca6d410242b472f698f2afa031dd3c9c4626760456ce1d622c37f99f83dc2d821881fc9d7a96eb7d191c2ff3072
SSDEEP

1536:quVoShezXY8PIiyZFXzc2jhSdsLYuH+zEuIxjvArAJ88bSS5MuBNLGY8iqtFdyzt:JTozI8LynXA2PvuSj4rGSUB1GY+QNL

Score

10^/10

pony credential_access discovery rat spyware stealer

Malware Config

Targets

- Target
  
  JaffaCakes118_a3d37c911eb685d5b148cd0c60cb6f70
- Size
  
  138KB
- MD5
  
  a3d37c911eb685d5b148cd0c60cb6f70
- SHA1
  
  8ae7de7a1545a1ab1efe4a5c2cb908fc0c05240a
- SHA256
  
  c4a9b0903381032d06cca09d1c5a94cb162b54f894f0e759c1b3fff655ca9a18
- SHA512
  
  d06edd987d04633584699de3579f1947d8a97ca6d410242b472f698f2afa031dd3c9c4626760456ce1d622c37f99f83dc2d821881fc9d7a96eb7d191c2ff3072
- SSDEEP
  
  1536:quVoShezXY8PIiyZFXzc2jhSdsLYuH+zEuIxjvArAJ88bSS5MuBNLGY8iqtFdyzt:JTozI8LynXA2PvuSj4rGSUB1GY+QNL
Score

10^/10

pony credential_access discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponycredential_accessdiscoveryratspywarestealer