General

  • Target

    a6ec7fb68787c2147a4e951e19d3ba41_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240613-2jsa1atbja

  • MD5

    a6ec7fb68787c2147a4e951e19d3ba41

  • SHA1

    9844321e0bf3fad5ec9b99191d16bc019dfa18f4

  • SHA256

    e5712610af22299b22a75c4e4000e266f6b58bd0334dade6f666574e1054d605

  • SHA512

    764459715c00113905470b7ea3fcda1dddcaf1cfb6f01eae05b308a524b9fc57afff58b5d39e1fb7edebba8da701fd13d329d5a323e297f6f071f183cc74bacb

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZq:0UzeyQMS4DqodCnoe+iitjWwwW

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      a6ec7fb68787c2147a4e951e19d3ba41_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
