Overview

overview

10

Static

static

3

0467e10fff...18.dll

windows7-x64

10

0467e10fff...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0467e10fff35ed4a83402cd910e01f64_JaffaCakes118

  • Size

    83KB

  • Sample

    240428-fey24agd69

  • MD5

    0467e10fff35ed4a83402cd910e01f64

  • SHA1

    64198c58dbed811b4b956ffa4ee11386d35b3682

  • SHA256

    8acd4e48c74793eecfe61b558dd1ef997384ae7e83db9d63ea84fe77ad38477c

  • SHA512

    11d0d3f96ebb3c25d2f07ba5aa4c13810cc009b0e12c129cf273944e97cd33d67548e3c54ae56301a9075a16f555d7e4f2459cfaf8c11fd33d05c4afb0581fb4

  • SSDEEP

    1536:QdNmO3D3dqL1+rv8yU2fpDhNs1+EOB2xDnVpskzZF//dU/Z:UNZT3UB0hCrOB2lB//dU/

Score
10/10
ponydiscoveryratspywarestealer

Malware Config

Targets

    • Target

      0467e10fff35ed4a83402cd910e01f64_JaffaCakes118

    • Size

      83KB

    • MD5

      0467e10fff35ed4a83402cd910e01f64

    • SHA1

      64198c58dbed811b4b956ffa4ee11386d35b3682

    • SHA256

      8acd4e48c74793eecfe61b558dd1ef997384ae7e83db9d63ea84fe77ad38477c

    • SHA512

      11d0d3f96ebb3c25d2f07ba5aa4c13810cc009b0e12c129cf273944e97cd33d67548e3c54ae56301a9075a16f555d7e4f2459cfaf8c11fd33d05c4afb0581fb4

    • SSDEEP

      1536:QdNmO3D3dqL1+rv8yU2fpDhNs1+EOB2xDnVpskzZF//dU/Z:UNZT3UB0hCrOB2lB//dU/

    Score
    10/10
    ponydiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks