General

  • Target

    168a09ef2c7cb4369d3c2c2a3bc49990_JaffaCakes118

  • Size

    160KB

  • Sample

    240627-szk27azfpn

  • MD5

    168a09ef2c7cb4369d3c2c2a3bc49990

  • SHA1

    eba113b11e1a929c32f7b8f0c0c9cb74bb875e67

  • SHA256

    bc0104581ed3fbe7476daf10252c41989147ad725652d6e6a65f0b9f952f4bbf

  • SHA512

    2489bc41cea540a01815eb54ccdd47ae95362ea75ac3fd59422b8d8c3e4722ab42711ef29f103db5a64407b0c8d14447e21e2ac33eb7daa42e3ff8101cc94087

  • SSDEEP

    1536:/X+g615xhCMVq781ov57h9fhXhuetpRkpvnCUQIetcABzuAk/E+ikdVsx7EAK3:/a5xtVc57vtpRSCsqcmkT2wAK3

Malware Config

Extracted

Family

pony

C2

http://72.37.220.10:8080/pony/gate.php

http://216.52.143.121/pony/gate.php

Attributes
  • payload_url

    http://204.3.31.186/7M0pxn.exe

    http://198.106.90.79/ykGNga.exe

    http://www.plascombritadores.com.br/uKd.exe

Targets

    • Target

      168a09ef2c7cb4369d3c2c2a3bc49990_JaffaCakes118

    • Size

      160KB

    • MD5

      168a09ef2c7cb4369d3c2c2a3bc49990

    • SHA1

      eba113b11e1a929c32f7b8f0c0c9cb74bb875e67

    • SHA256

      bc0104581ed3fbe7476daf10252c41989147ad725652d6e6a65f0b9f952f4bbf

    • SHA512

      2489bc41cea540a01815eb54ccdd47ae95362ea75ac3fd59422b8d8c3e4722ab42711ef29f103db5a64407b0c8d14447e21e2ac33eb7daa42e3ff8101cc94087

    • SSDEEP

      1536:/X+g615xhCMVq781ov57h9fhXhuetpRkpvnCUQIetcABzuAk/E+ikdVsx7EAK3:/a5xtVc57vtpRSCsqcmkT2wAK3

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks