General

  • Target

    f82d92d386cfe20f8e3da1a835d39dd8_JaffaCakes118

  • Size

    130KB

  • Sample

    240418-rmv6ysfd86

  • MD5

    f82d92d386cfe20f8e3da1a835d39dd8

  • SHA1

    2727e729229f2d4a66e191a621a893e8980c04ee

  • SHA256

    9526f836b584e69a688ad34ba37ae36500bbeb77ab91921deadc417a53d59011

  • SHA512

    8197eb5f25f322abcfa90d105c833db51d08be012cbadecfc8b9c6e2fb3c3d9d9061775b8b2157f54b26f9caa03b2d64877f534fce3d1bd1ddbef397ed544ce6

  • SSDEEP

    1536:8+PRP9hI4dNIN1/gzyGQnnXvWpRivOUqhjysSIClysxPg9RgXzMB3QeNrW5Gi0DA:59+4rylGQnNOUwywSO8MJvti0DKIegS

Malware Config

Extracted

Family

pony

C2

http://108.166.65.182:8080/pony/gate.php

http://aloucakbileti.com:8080/pony/gate.php

Attributes
  • payload_url

    http://irelands-escorts.com/D5QDyxF9.exe

    http://guiadahora.com.br/8ZLYZor.exe

    http://trinidis.com/AHvZzZTZ.exe

Targets

    • Target

      f82d92d386cfe20f8e3da1a835d39dd8_JaffaCakes118

    • Size

      130KB

    • MD5

      f82d92d386cfe20f8e3da1a835d39dd8

    • SHA1

      2727e729229f2d4a66e191a621a893e8980c04ee

    • SHA256

      9526f836b584e69a688ad34ba37ae36500bbeb77ab91921deadc417a53d59011

    • SHA512

      8197eb5f25f322abcfa90d105c833db51d08be012cbadecfc8b9c6e2fb3c3d9d9061775b8b2157f54b26f9caa03b2d64877f534fce3d1bd1ddbef397ed544ce6

    • SSDEEP

      1536:8+PRP9hI4dNIN1/gzyGQnnXvWpRivOUqhjysSIClysxPg9RgXzMB3QeNrW5Gi0DA:59+4rylGQnNOUwywSO8MJvti0DKIegS

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks