General

  • Target

    397dcf162cd17f92cc6031556b50d95a_JaffaCakes118

  • Size

    90KB

  • MD5

    397dcf162cd17f92cc6031556b50d95a

  • SHA1

    27d451de50b62c4daa3f0c3468b78033b965401a

  • SHA256

    3aec7692abf8842b8dc8492e8b3f04034377ff730f299d1787124d486e8c4579

  • SHA512

    a56227ee8543e5bdac9086dad81e4e217aa1dc47507d11ad8a1608ff988761c7323b9c4cb93d9724eb3e971b5fb3e302d647fd6bbf7cde5e322b413c766b50b7

  • SSDEEP

    1536:UnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEIakzmt2l:2SnMuGc/CfZDap6COU45EIitm

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://winenews.it/figo/gate.php

Attributes
  • payload_url

    http://winenews.it/figo/samara.exe

Signatures

  • Pony family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 397dcf162cd17f92cc6031556b50d95a_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

