General

  • Target

    921588090494b177f68b0e236bcb84a0_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240603-rl9b7aaf22

  • MD5

    921588090494b177f68b0e236bcb84a0

  • SHA1

    3c0ff18e3308cc6e0115856c3e03f8d78cdd05cd

  • SHA256

    8f3d6613bdd14772f4efc53b5f7bbf65b505ca2a0fff1a23ee4ea234c3e42705

  • SHA512

    1bc1e6bb7831124bf5ce511b4c88680b130c16cb89eb2525b55b47285656c90663f67292d491a424da7f24b7eeedc216a3d4fe8c2c3c5671a05684fa89040e0c

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlA:86SIROiFJiwp0xlrlA

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      921588090494b177f68b0e236bcb84a0_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
