General

  • Target: 5d6a19f18173018cb0fa7da4f597d842_JaffaCakes118
  • Size: 34KB
  • MD5: 5d6a19f18173018cb0fa7da4f597d842
  • SHA1: 50e97dc2f487ccdbb5f9c7030b61a142022e945e
  • SHA256: 33cfeb17a3936794ee41f9d9456a94961f4ce8fec96e512448ef4841b21a85a9
  • SHA512: 91400da19ef421f1b347df40c743dccaa926680a0201dca9a42dd4000351875711c2461e96785bee879b8eb6507588dfe672008ae022619315447681e9008ef1
  • SSDEEP: 768:QqWAhNvDZgk4wkZtSDeAIg/2LoBnGASMI7hXrC3tB/7jn+AjiWrPO:9vvNg8eAIg/nBnpSMShXrIf+7W7O

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://wegotakedistime.ru/boss/Panel/gate.php

Signatures

  • Pony family
  • UPX packed file (1 IoC)

    Detects executables packed with the UPX open source packer or a modified UPX variant.

  • Unsigned PE (2 IoCs)

    Checks for a missing Authenticode signature.

Files

  • 5d6a19f18173018cb0fa7da4f597d842_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

  • out.upx
    .exe windows:4 windows x86 arch:x86