General

  • Target

    15d42092a2ef31d459d824689e0f4374_JaffaCakes118

  • Size

    196KB

  • Sample

    240627-nkh7tsyeqe

  • MD5

    15d42092a2ef31d459d824689e0f4374

  • SHA1

    6e077582a3966568ddd5ac60fdf545bc3bab517a

  • SHA256

    8b74f8baf0ca828b5d0697bfd26af7768de6a192c42f4384ffd056acf699b14b

  • SHA512

    85092d3d51e7992d6da105578688b6734a7a5166fa96bceb1732477a53a98de44aeb7ab268322f800b2160c10778e76ebc79d5eff760fb0947f6fef6fe47ecbc

  • SSDEEP

    1536:5JNmkhwxWtf1Y6YjifcdBMxa8kCl1BQctJXYQjJKlikU4t+EQnWLf0GwoB2UK/:5ekhYQ1YbduG89tLFKlikU4tsqeo7K/

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://66.175.211.129/pony/gate.php

Attributes

  • payload_url

    http://csmju.jowave.com/fusX.exe

    http://infico.radwlan.pl/URYp.exe

Targets

    • Target

      15d42092a2ef31d459d824689e0f4374_JaffaCakes118

    • Size

      196KB

    • MD5

      15d42092a2ef31d459d824689e0f4374

    • SHA1

      6e077582a3966568ddd5ac60fdf545bc3bab517a

    • SHA256

      8b74f8baf0ca828b5d0697bfd26af7768de6a192c42f4384ffd056acf699b14b

    • SHA512

      85092d3d51e7992d6da105578688b6734a7a5166fa96bceb1732477a53a98de44aeb7ab268322f800b2160c10778e76ebc79d5eff760fb0947f6fef6fe47ecbc

    • SSDEEP

      1536:5JNmkhwxWtf1Y6YjifcdBMxa8kCl1BQctJXYQjJKlikU4t+EQnWLf0GwoB2UK/:5ekhYQ1YbduG89tLFKlikU4tsqeo7K/

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks