General

  • Target

    16c1c6882a1d03cfa65d0fa8892263f3_JaffaCakes118

  • Size

    154KB

  • Sample

    240627-vdghzssgmj

  • MD5

    16c1c6882a1d03cfa65d0fa8892263f3

  • SHA1

    f077bd9681cfa3df3b444c1a057f1ae98ec69ed0

  • SHA256

    8b0fb915fbcc9407701745fa2f714b5a9ee8882d1dfbbc57a9b0cf465020daf9

  • SHA512

    29fb5c3f191de95b09787965c911e86ef20b22d361a28fb0b9689df68bdaf1456602cb51cbd1f6e3f5e0168ba523ed4729197e59ad52efe248fd5c032c8f2e7e

  • SSDEEP

    1536:+z04fH/VM+zPG66tyi3JegBzVHrU16oZ43Bmr21DZ7suwSz1Vn/1T38UWwMFPV:G04fHnzP4NegDUMoZ2w21NlVtT3B8PV

Malware Config

Extracted

Family

pony

C2

http://sam-latrilogie.com:8080/pony/gate.php

http://loceanic.fr:8080/pony/gate.php

Attributes
  • payload_url

    http://udveksling.cadesignform.dk/exFX.exe

    http://ic-consultores.com.ar/hccg.exe

    http://www.interclubrj.com.br/rwekTWLL.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks