2018-04-20 Pony/Fareit Malspam

Found some malspam that looks to be Pony/Fareit related. Generally speaking, Pony/Fareit is a credential stealer: it targets saved credentials for everything from FTP clients to email clients, plus any other credentials it can obtain. The results I got from my VM differ from what I got from Any.Run and Payload Security. For example, on my VM the sample did not reach out to the “myrfrers[.]com” domain, nor did the Any.Run sample try to reach out to the “pornhouse[.]mobi” domain. I also did not see anything in the limited ProcMon run relating to any FTP sites, or anything trying to obtain…
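The post's point that a local VM, Any.Run and Payload Security each saw different network indicators is why a defender should collect the union of indicators across every run before hunting. The script below is an added example, not code from the post: it refangs the two domains named above (the split by source follows my reading of the post, with Any.Run contacting myrfrers[.]com and the author's VM contacting pornhouse[.]mobi), merges them into one watchlist, and scans constructed BIND-style DNS query log lines for exact or subdomain matches.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple

# Indicators from the post, kept in their defanged form. Which run observed
# which domain is my reading of the post's description (an assumption).
OBSERVED_BY_SOURCE: Dict[str, List[str]] = {
    "any.run": ["myrfrers[.]com"],
    "author_vm": ["pornhouse[.]mobi"],
}

# Constructed BIND-style query log lines for this demo (not from the post).
SAMPLE_DNS_LOG = """\
20-Apr-2018 09:58:01.004 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)
20-Apr-2018 09:58:07.418 client 10.0.0.5#51240: query: myrfrers.com IN A + (10.0.0.1)
20-Apr-2018 09:58:09.002 client 10.0.0.7#50011: query: notmyrfrers.com IN A + (10.0.0.1)
20-Apr-2018 09:58:12.777 client 10.0.0.5#51251: query: cdn.pornhouse.mobi IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(r"query: (?P<qname>\S+) IN ")


def refang(indicator: str) -> str:
    """Turn a defanged domain such as 'example[.]com' back into 'example.com'."""
    domain = indicator.strip().lower()
    for bracketed in ("[.]", "(.)", "{.}"):
        domain = domain.replace(bracketed, ".")
    return domain.rstrip(".")


def build_watchlist(by_source: Dict[str, List[str]]) -> Set[str]:
    """Union of refanged indicators across every analysis source."""
    return {refang(i) for inds in by_source.values() for i in inds}


def matches(qname: str, watch: Set[str]) -> str:
    """Return the matching indicator for a queried name (exact or subdomain), else ''."""
    q = qname.lower().rstrip(".")
    for ind in watch:
        # Suffix match on a dot boundary so 'notmyrfrers.com' does not hit 'myrfrers.com'.
        if q == ind or q.endswith("." + ind):
            return ind
    return ""


def scan_dns_log(lines: Iterable[str], watch: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, queried name, matched indicator) for every hit."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, start=1):
        m = QUERY_RE.search(line)
        if not m:
            continue
        ind = matches(m.group("qname"), watch)
        if ind:
            hits.append((n, m.group("qname"), ind))
    return hits


if __name__ == "__main__":
    watch = build_watchlist(OBSERVED_BY_SOURCE)
    for n, qname, ind in scan_dns_log(SAMPLE_DNS_LOG.splitlines(), watch):
        print(f"line {n}: {qname} matched {ind}")
```

The watchlist is keyed by source only so the provenance of each indicator survives; when a later run adds domains neither sandbox saw, they go into the same dictionary and the scan picks them up unchanged.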
