General

  • Target

    16ae7e5548d9928427cc3c5b9fafc0c8_JaffaCakes118

  • Size

    91KB

  • Sample

    240627-twdz5szbrf

  • MD5

    16ae7e5548d9928427cc3c5b9fafc0c8

  • SHA1

    6e779cbf4ff0c85b2a9c511db7410dbdce15f8a9

  • SHA256

    29b76a4b58827a31d051437c3c6cf8ca009324a6b99820efceb056e3466151ab

  • SHA512

    55b72774c4e3a0d32f0ac5990d2c8534b81ad70c156523457c46d306b1ae6a65af9ee10cf7acfdd67cc9be6251861788feab13533bfd31e32f8e1d45b382b5b7

  • SSDEEP

    1536:PtKfR5pkFf34WoZh1Oxu1GRnrdV2RZF7ph8TKbUXpQVNnHrKjgW8zrFIU4DgInQm:PtI5prj1+1GnphEKb8CgcPp8Qm

Malware Config

Extracted

Family

pony

C2

http://www.alberghi.com:8080/pony/gate.php

http://zelia.net:8080/pony/gate.php

Attributes
  • payload_url

    http://safamobilya.com/VyBxtBiT/m1KBUJXC.exe

    http://www.biroform.com.mk/vibBmja6/fc0nJ.exe

    http://www.z-bid-z.com/1Ypg1X1N/ZMSQW.exe

Targets

    • Target

      16ae7e5548d9928427cc3c5b9fafc0c8_JaffaCakes118

    • Size

      91KB

    • MD5

      16ae7e5548d9928427cc3c5b9fafc0c8

    • SHA1

      6e779cbf4ff0c85b2a9c511db7410dbdce15f8a9

    • SHA256

      29b76a4b58827a31d051437c3c6cf8ca009324a6b99820efceb056e3466151ab

    • SHA512

      55b72774c4e3a0d32f0ac5990d2c8534b81ad70c156523457c46d306b1ae6a65af9ee10cf7acfdd67cc9be6251861788feab13533bfd31e32f8e1d45b382b5b7

    • SSDEEP

      1536:PtKfR5pkFf34WoZh1Oxu1GRnrdV2RZF7ph8TKbUXpQVNnHrKjgW8zrFIU4DgInQm:PtI5prj1+1GnphEKb8CgcPp8Qm

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks