General

  • Target

    fb88de5ac63557578e90a3646474afe3_JaffaCakes118

  • Size

    127KB

  • Sample

    240420-a2ezvacf4t

  • MD5

    fb88de5ac63557578e90a3646474afe3

  • SHA1

    d6e414421d3fc8a6a5ed23bd5a76c31e13f7370b

  • SHA256

    b883030925c862fa1cd52ee027d113fd515072e49d71e62eb4e4dfb1b7cb877c

  • SHA512

    949c7136aab0558ef54558a541abd31c696d4e39e8c4d37e19395bf5f955b4cfbacde13bfc24bc5406900ae8d4602cd5ff83864a3671188ae1f1cdc08b0418a6

  • SSDEEP

    1536:q+MlClZrnsDFBZ86QqAIfYFiv1zwsv3aYv9SIIlysxPg8kSXVlmEEl9ba46H0XKj:7lZYG6QHe10ZYv/sCJl9b2H0XKdV

Malware Config

Extracted

Family

pony

C2

http://108.166.65.182:8080/pony/gate.php

http://aloucakbileti.com:8080/pony/gate.php

Attributes
  • payload_url

    http://irelands-escorts.com/D5QDyxF9.exe

    http://free-auto-insurance-quotes-online.info/5Fqm.exe

    http://trinidis.com/AHvZzZTZ.exe
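
The extracted config above is directly usable as network detection content. The following Python is an added example, not part of the sandbox report and not Pony's own code: it takes the report's C2 gate and payload URLs, splits them into host, port and path indicators, and matches them against a constructed proxy log. The `ts src method url status` log format and the generic "POST to */gate.php" heuristic are assumptions of this example, not findings from the report.

```python
"""Turn the extracted Pony config into IOCs and match them against proxy logs.

Added example; not part of the sandbox report. The C2 and payload URLs are the
ones listed in the report's Malware Config; the proxy log lines are constructed.
"""
from urllib.parse import urlparse

# Values copied from the report's "Malware Config" section.
C2_URLS = [
    "http://108.166.65.182:8080/pony/gate.php",
    "http://aloucakbileti.com:8080/pony/gate.php",
]
PAYLOAD_URLS = [
    "http://irelands-escorts.com/D5QDyxF9.exe",
    "http://free-auto-insurance-quotes-online.info/5Fqm.exe",
    "http://trinidis.com/AHvZzZTZ.exe",
]


def build_iocs(c2_urls, payload_urls):
    """Split URLs into host and (host, port, path) indicators, tagged by role."""
    iocs = {"hosts": {}, "urls": {}}
    for role, urls in (("c2", c2_urls), ("payload", payload_urls)):
        for u in urls:
            p = urlparse(u)
            host = p.hostname.lower()
            iocs["hosts"][host] = role
            iocs["urls"][(host, p.port or 80, p.path)] = role
    return iocs


def parse_proxy_line(line):
    """Parse one constructed 'ts src method url status' proxy log line."""
    ts, src, method, url, status = line.split()
    p = urlparse(url)
    return {"ts": ts, "src": src, "method": method.upper(),
            "host": (p.hostname or "").lower(), "port": p.port or 80,
            "path": p.path, "status": status}


def classify(event, iocs):
    """Return the reasons this request looks Pony-related (empty if none)."""
    reasons = []
    key = (event["host"], event["port"], event["path"])
    if key in iocs["urls"]:
        reasons.append(f"exact {iocs['urls'][key]} URL from extracted config")
    elif event["host"] in iocs["hosts"]:
        reasons.append(f"host listed as {iocs['hosts'][event['host']]} in extracted config")
    # Generic heuristic (assumption of this example, not a report finding):
    # Pony check-ins are HTTP POSTs to a gate.php script, so flag that shape
    # even for hosts that are not yet in the indicator list.
    if event["method"] == "POST" and event["path"].endswith("/gate.php"):
        reasons.append("POST to */gate.php (Pony gate pattern)")
    return reasons


def scan(lines, iocs):
    """Return (src, host, path, reasons) for every log line that matches."""
    return [(e["src"], e["host"], e["path"], r)
            for e in map(parse_proxy_line, lines)
            if (r := classify(e, iocs))]


# Constructed proxy log for demonstration; not real traffic.
SAMPLE_LOG = [
    "2024-04-20T10:01:02Z 10.0.0.15 POST http://108.166.65.182:8080/pony/gate.php 200",
    "2024-04-20T10:01:05Z 10.0.0.15 GET http://irelands-escorts.com/D5QDyxF9.exe 200",
    "2024-04-20T10:02:00Z 10.0.0.22 GET http://example.com/index.html 200",
    "2024-04-20T10:03:11Z 10.0.0.31 POST http://panel.example.net/admin/gate.php 404",
    "2024-04-20T10:04:00Z 10.0.0.15 GET http://aloucakbileti.com/favicon.ico 404",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_iocs(C2_URLS, PAYLOAD_URLS)):
        print(hit)
```

Note that the last log line hits on host only: the config lists the gate on port 8080, so a request to the same domain on port 80 does not match the exact URL but is still worth surfacing, since an infected host will often resolve and touch the C2 domain outside the exact check-in path.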

Targets

    • Target

      fb88de5ac63557578e90a3646474afe3_JaffaCakes118

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan with a downloader component: it harvests stored credentials from installed software, posts them to its C2 gate, and can fetch and run further executables, which is why the extracted config above carries both gate URLs and payload URLs.

    • Reads data files stored by FTP clients

      Attempts to open the configuration files of FTP clients such as FileZilla, where saved server logins are stored.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which includes saved logins, cookies and autofill entries.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to build a list of the software installed on the system.
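
The three behaviours above are the host-side footprint of a credential stealer, and they are most useful as a combination: one process that touches FTP-client configs, browser profiles and the Uninstall key in the same run. The following Python is an added example, not the report's own detection logic: it scores per-process file and registry reads against those behaviours. The FileZilla and Uninstall-key locations follow the signature text; the Chrome, Firefox and WinSCP locations are well-known defaults assumed here, and the event list is constructed rather than taken from the sandbox run.

```python
"""Score per-process file and registry reads against the three behaviours the
report flags for this sample. Added example; not part of the report. The
events below are constructed, not the sandbox's actual event log."""
import re
from collections import defaultdict

# (category, regex over the normalised path). FileZilla and the Uninstall key
# come from the report's signature text; the Chrome, Firefox and WinSCP
# locations are well-known defaults added here as assumptions.
RULES = [
    ("ftp_client_data", re.compile(r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$")),
    ("ftp_client_data", re.compile(r"\\software\\martin prikryl\\winscp 2\\sessions")),
    ("browser_profile", re.compile(r"\\google\\chrome\\user data\\[^\\]+\\(login data|web data|cookies)$")),
    ("browser_profile", re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|signons\.sqlite)$")),
    ("installed_software_enum", re.compile(r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall")),
]


def normalise(path):
    """Lower-case, unify separators and strip the registry hive prefix so one
    regex set serves both file paths and registry key paths."""
    p = path.lower().replace("/", "\\")
    return re.sub(r"^(hklm|hkcu|hkey_local_machine|hkey_current_user)", "", p)


def categorise(path):
    """Return the set of behaviour categories a single path matches."""
    n = normalise(path)
    return {cat for cat, rx in RULES if rx.search(n)}


def score_processes(events, min_categories=2):
    """Group (pid, image, kind, path) events by process and flag processes that
    touch at least min_categories distinct data sources. A single legitimate
    client (one browser, one FTP client) hits one category; a stealer hits several."""
    hits = defaultdict(set)
    for pid, image, _kind, path in events:
        for cat in categorise(path):
            hits[(pid, image)].add(cat)
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_categories}


# Constructed events for demonstration; the image name reuses the report's
# target name but the activity is not taken from the sandbox log.
SAMPLE_IMAGE = "fb88de5ac63557578e90a3646474afe3_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    (4120, SAMPLE_IMAGE, "file", r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, SAMPLE_IMAGE, "file", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, SAMPLE_IMAGE, "registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, SAMPLE_IMAGE, "file", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"),
    (2288, "filezilla.exe", "file", r"C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml"),
    (3020, "chrome.exe", "file", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3020, "chrome.exe", "file", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (1536, "msiexec.exe", "registry", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
]

if __name__ == "__main__":
    for proc, cats in score_processes(SAMPLE_EVENTS).items():
        print(proc, cats)
```

The threshold is the important design choice: FileZilla reading its own site manager, Chrome reading its own Login Data, or an installer walking the Uninstall key are all normal, so any single category on its own is noise. Requiring two or more categories from one process keeps those out while still catching the sample's pattern.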

MITRE ATT&CK Enterprise v15

Tasks