General

  • Target

    038650cdc4536c7102f6cd4c63c02236_JaffaCakes118

  • Size

    108KB

  • Sample

    240427-yvkthsfg7z

  • MD5

    038650cdc4536c7102f6cd4c63c02236

  • SHA1

    a11325cd336019d31b25098b6eb3e516f592ed99

  • SHA256

    7875ffff6ce65f7a23c88ba1afadbb77420e7d865120f5627b34c77927111376

  • SHA512

    a34340bc191a08058f7f6cfac8be03e433756bd020f996fca504e4af65c13dbb7232c63a73d3a94341161732ad10f804b6345a62541b3cde8d8d3274aa085723

  • SSDEEP

    1536:QR6QEXFVqT7D6AEbZPpcGlvK5spMQGs8HA1mOAvTv1Xkzkb7sN13K:OfeFvZPpa7OAhns6

Malware Config

Extracted

Family

pony

C2

http://accexx.space/mayor/gate.php

Targets

    • Target

      038650cdc4536c7102f6cd4c63c02236_JaffaCakes118

    • Size

      108KB

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from FTP clients, web browsers and mail clients, posts them to its gate.php panel (here http://accexx.space/mayor/gate.php), and is frequently used as a loader for a second-stage payload.

    • Reads data files stored by FTP clients

      Opens configuration files of FTP clients such as FileZilla, which hold saved server addresses and login credentials.

    • Reads user/profile data of web browsers

      Reads stored browser profile data, which typically includes saved logins; this is a standard target for credential stealers.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Reads the account and profile settings Outlook keeps in the registry, which hold mail server details and stored credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry to list installed software.
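The C2 URL from the Malware Config section and the signature hits listed above can be turned directly into a host-triage check. The following is an added example (not part of the sandbox report and not code of the sandbox vendor): it scores flattened endpoint telemetry per process against the report's signatures and flags a process that either contacts the gate or sweeps several credential stores in one run. The telemetry records (pid/type/target) are constructed for the example, and the file paths and registry keys used as patterns are the usual locations of FileZilla, browser, Outlook and wallet data, not values taken from the report.

```python
"""Triage endpoint telemetry against the Pony/Fareit behaviours in the report above.

Added example. Input is a list of flattened events with fields
  pid    - process id
  type   - "file" (file read), "reg" (registry query) or "http" (outbound request)
  target - path, registry key or URL
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Indicator taken from the report's Malware Config section.
C2_URL = "http://accexx.space/mayor/gate.php"
C2_HOST = urlparse(C2_URL).hostname
C2_PATH = urlparse(C2_URL).path

# Report signature name -> host artefacts that would trigger it.
# Paths/keys are the well-known credential-store locations (assumption, not from the report).
BEHAVIOURS = {
    "Reads data files stored by FTP clients": [
        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    ],
    "Reads user/profile data of web browsers": [
        re.compile(r"\\(Login Data|logins\.json|key[34]\.db|signons\.sqlite)$", re.I),
    ],
    "Accesses Microsoft Outlook profiles": [
        re.compile(r"\\Outlook\\Profiles\\", re.I),
        re.compile(r"\\Windows Messaging Subsystem\\Profiles\\", re.I),
    ],
    "Accesses cryptocurrency files/wallets": [
        re.compile(r"\\(Bitcoin|Litecoin|Electrum)\\.*wallet", re.I),
    ],
    "Checks installed software on the system": [
        re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
    ],
}

# Signatures that read a credential store (software enumeration alone is not one).
CREDENTIAL_SIGS = {k for k in BEHAVIOURS if k != "Checks installed software on the system"}


def classify_event(event):
    """Return the report signature an event matches, "C2 contact" for the gate, else None."""
    target = event.get("target", "")
    if event["type"] == "http":
        u = urlparse(target)
        # Match on host or on the gate path: Pony panels are often moved between hosts.
        if u.hostname == C2_HOST or u.path == C2_PATH:
            return "C2 contact"
        return None
    for name, patterns in BEHAVIOURS.items():
        if any(p.search(target) for p in patterns):
            return name
    return None


def triage(events):
    """Group matched signatures per process id."""
    hits = defaultdict(set)
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits[ev["pid"]].add(sig)
    return dict(hits)


def verdict(sigs):
    """Flag a process that talks to the gate, or that reads three or more different
    credential stores (one browser reading its own profile is normal and stays benign)."""
    if "C2 contact" in sigs:
        return "pony: C2 beacon"
    if len(sigs & CREDENTIAL_SIGS) >= 3:
        return "pony-like credential sweep"
    return "benign"


# Constructed telemetry for the example (not from the sandbox run).
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file", "target": r"C:\Users\a\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "type": "file", "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "type": "reg", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "type": "file", "target": r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 4120, "type": "reg", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "http", "target": "http://accexx.space/mayor/gate.php"},
    {"pid": 2204, "type": "file", "target": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 2204, "type": "http", "target": "https://www.example.com/"},
]

if __name__ == "__main__":
    for pid, sigs in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, verdict(sigs), sorted(sigs))
```

Process 4120 in the constructed data reproduces every signature in the report plus the gate request and is flagged on the beacon alone; process 2204 touches a single browser store and stays benign, which is the threshold you want so that the browser itself does not trip the rule.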
