General

  • Target

    fa98feb741d37269abc9b78667c21c3f_JaffaCakes118

  • Size

    172KB

  • Sample

    240419-st63gafg62

  • MD5

    fa98feb741d37269abc9b78667c21c3f

  • SHA1

    1c3b209ea8597434fa786425a49fc8ec04a76378

  • SHA256

    1b68d0afeacdfa23f88dd50f5429e3a8b47e9c62d5d9879688a20ffb1c6a1edc

  • SHA512

    3492549910f35217277e25519d7a67a3ab6fd23cf66c8e93da0ea59a904cd0ed3e2aa1de2d95222dec357cb0208f5b4a95cd1bd70710d38a740e66b4619b1336

  • SSDEEP

    3072:5pXwPTzE7/CeZaK0/wjuUbykF3DaW3EXCUsKwe6:Q7ITCIaDwqSpFzaMEXtsKU

Malware Config

Extracted

Family

pony

C2

http://108.166.65.182:8080/pony/gate.php

http://50.116.60.97/pony/gate.php

Attributes

  • payload_url

    http://liliyot.co.il/6KKg1gjp.exe

    http://parapunov.com/F4nzCV.exe

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks