General

  • Target

    17ba38cf9abf912e4717435a7af4e1e7_JaffaCakes118

  • Size

    91KB

  • Sample

    240627-162yaawgrn

  • MD5

    17ba38cf9abf912e4717435a7af4e1e7

  • SHA1

    1b36c45cc3dbbb2cdaa2b2da57d7f73b7bff6541

  • SHA256

    9c504d6427c9483ce6e52a2e1f08ccc167bb001755360dd8f7ccc780cc094011

  • SHA512

    32b976f7137e9daf30ef3ddc37c0db7bc66a54b96ed3f6e4d8d8b051ec25bf02260621dcc637226a94a1ce0d3af8192ac34761bbb149299cb3c3ccc66a1afbe5

  • SSDEEP

    1536:fCLO5pIFRsBm7G2tUjHU0xY3dy2WUPysuLFpXsGb4n3dlHELqQgGS8nQc+:fT5pPf2oDyGhsuFpcKW/HqLQc+

Malware Config

Extracted

Family

pony

C2

http://infovega.lt:8080/ponychin/gate.php

http://subdatapro.com:8008/ponychin/gate.php

Attributes

  • payload_url

    http://www.computer-bedrich.cz/iXT6C.exe

    http://galeriamovimento.com.br/mKTgpgr.exe

    http://wapclub.biz/Z7av.exe

Targets

    • Target

      17ba38cf9abf912e4717435a7af4e1e7_JaffaCakes118

    • Size

      91KB

    • MD5

      17ba38cf9abf912e4717435a7af4e1e7

    • SHA1

      1b36c45cc3dbbb2cdaa2b2da57d7f73b7bff6541

    • SHA256

      9c504d6427c9483ce6e52a2e1f08ccc167bb001755360dd8f7ccc780cc094011

    • SHA512

      32b976f7137e9daf30ef3ddc37c0db7bc66a54b96ed3f6e4d8d8b051ec25bf02260621dcc637226a94a1ce0d3af8192ac34761bbb149299cb3c3ccc66a1afbe5

    • SSDEEP

      1536:fCLO5pIFRsBm7G2tUjHU0xY3dy2WUPysuLFpXsGb4n3dlHELqQgGS8nQc+:fT5pPf2oDyGhsuFpcKW/HqLQc+

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks