pony | 75f2d1b3e6e96f048ad08276116ae64f7b2a032aa755279a2cd53bce92c35c2f | Triage

Sharing

General

Target

JaffaCakes118_a4efddada485478a2265cb643e587966
Size

132KB
Sample

250409-pfxebszms4
MD5

a4efddada485478a2265cb643e587966
SHA1

27401118556b5b5e7514e6b0cc94c22903021b24
SHA256

75f2d1b3e6e96f048ad08276116ae64f7b2a032aa755279a2cd53bce92c35c2f
SHA512

2af876a5a523f5e28e3a02710437ecdded4d005debf05a1b68c1b90143d9615ee97badb00e08bde059fcc37b9fed8f3ce9a37144839ede2de1daef3c958f155c
SSDEEP

3072:DfbmUkNmOJ8GTupfQr1/GLHrFEjKCkJiXP:jb/k76pfQ+rOjQJi/

Score

10^/10

pony discovery rat spyware stealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://66.175.215.72/forum/viewtopic.php

Attributes

payload_url
http://bobinlaminasyonmakinalari.com/o9RYHbCx.exe

http://broadbentcompany.wsisrdev.com/KbGb.exe

http://directoryplanet.com/v3nxm.exe

Targets

- Target
  
  JaffaCakes118_a4efddada485478a2265cb643e587966
- Size
  
  132KB
- MD5
  
  a4efddada485478a2265cb643e587966
- SHA1
  
  27401118556b5b5e7514e6b0cc94c22903021b24
- SHA256
  
  75f2d1b3e6e96f048ad08276116ae64f7b2a032aa755279a2cd53bce92c35c2f
- SHA512
  
  2af876a5a523f5e28e3a02710437ecdded4d005debf05a1b68c1b90143d9615ee97badb00e08bde059fcc37b9fed8f3ce9a37144839ede2de1daef3c958f155c
- SSDEEP
  
  3072:DfbmUkNmOJ8GTupfQr1/GLHrFEjKCkJiXP:jb/k76pfQ+rOjQJi/
Score

10^/10

pony discovery rat spyware stealer
- Pony family
  pony
- Pony,Fareit
  Pony is a Remote Access Trojan application that steals information.
  rat spyware stealer pony
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ponydiscoveryratspywarestealer