General

  • Target

    f9ae968b4b5bfc5e5aaa0916f896d75e_JaffaCakes118

  • Size

    145KB

  • Sample

    240419-g2vhvsag47

  • MD5

    f9ae968b4b5bfc5e5aaa0916f896d75e

  • SHA1

    e81e1fe1abd00bdfc4e4bb96946c75a284515655

  • SHA256

    8dfc7d14392ff75da93eea203cb605332e0a2c3d6847bc72d013a9b450783382

  • SHA512

    a3f1b1f6d02ab49bc1d88b57332f2b126d11a644a3f5007f7c584a4fc01dcbab63d3da0c60db898b7dba279182a0fda8715e50d6da89bc5b809f366f834dc3f5

  • SSDEEP

    3072:zEre7htdArqaBXO5Gq8fogP1a/WEl3y42N6sXR9gQ9y:9hezBXO5aoCElC4YLfNy

Malware Config

Extracted

Family

pony

C2

http://91.121.93.178:8080/pony/gate.php

http://aurianedamez.fr:8080/pony/gate.php

Attributes
  • payload_url

    http://tradeshowshops.com/eAAht3sE.exe

    http://www.diamondtrust.com/5w2kqp.exe

    http://cpsmortgages.com/6t27yZy.exe

Targets

    • Target

      f9ae968b4b5bfc5e5aaa0916f896d75e_JaffaCakes118

    • Size

      145KB

    • MD5

      f9ae968b4b5bfc5e5aaa0916f896d75e

    • SHA1

      e81e1fe1abd00bdfc4e4bb96946c75a284515655

    • SHA256

      8dfc7d14392ff75da93eea203cb605332e0a2c3d6847bc72d013a9b450783382

    • SHA512

      a3f1b1f6d02ab49bc1d88b57332f2b126d11a644a3f5007f7c584a4fc01dcbab63d3da0c60db898b7dba279182a0fda8715e50d6da89bc5b809f366f834dc3f5

    • SSDEEP

      3072:zEre7htdArqaBXO5Gq8fogP1a/WEl3y42N6sXR9gQ9y:9hezBXO5aoCElC4YLfNy

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks