General

  • Target

    fe79f87e6bcb02fc7811499988326be8_JaffaCakes118

  • Size

    107KB

  • Sample

    240421-fh1ebsca5y

  • MD5

    fe79f87e6bcb02fc7811499988326be8

  • SHA1

    82309ce8036e1ec43f9a19fb399a1b222a27c37c

  • SHA256

    14850481562768aa32df253c719dfb0df485ed5072ce6fe6499317b6c1e1211c

  • SHA512

    01922c2aad03130dc2b7ff91480696dbd8ec5de9a2c9ccbb7401aa7ae78b21669b2c44e6c1248b82220758855c0b57eb9e12e691a36c1fa9853c7cc33290b52b

  • SSDEEP

    3072:GBmZfxf2XYCFduNosiBck1dixYU/NMcQDmifBIs15:ZfmTFdu9qcEU/+cojH

Malware Config

Extracted

Family

pony

C2

http://91.121.84.204:8080/ponychin/gate.php

http://91.121.93.178:8080/ponychin/gate.php

Attributes
  • payload_url

    http://1clickloansusa.com/1KX.exe

    http://civilcsapat.hu/6Hy99Ub.exe

    http://rt-ingenieria.com.ar/otHGG9S.exe

Targets

    • Target

      fe79f87e6bcb02fc7811499988326be8_JaffaCakes118

    • Size

      107KB

    • MD5

      fe79f87e6bcb02fc7811499988326be8

    • SHA1

      82309ce8036e1ec43f9a19fb399a1b222a27c37c

    • SHA256

      14850481562768aa32df253c719dfb0df485ed5072ce6fe6499317b6c1e1211c

    • SHA512

      01922c2aad03130dc2b7ff91480696dbd8ec5de9a2c9ccbb7401aa7ae78b21669b2c44e6c1248b82220758855c0b57eb9e12e691a36c1fa9853c7cc33290b52b

    • SSDEEP

      3072:GBmZfxf2XYCFduNosiBck1dixYU/NMcQDmifBIs15:ZfmTFdu9qcEU/+cojH

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks