General

  • Target

    17094cf837e4de81a7a3eea67171a9c5_JaffaCakes118

  • Size

    127KB

  • Sample

    240627-w1hv1awdlk

  • MD5

    17094cf837e4de81a7a3eea67171a9c5

  • SHA1

    041fc15f1aee8f985284034b934379c078cfcad1

  • SHA256

    d5053b99d4fe45b5e425c625f15c9f8b74456fff55663a09943498b5f79f9a43

  • SHA512

    a922f20ade7545eb82538c63f6d4bb0a0f3823c497f783cc1723eaa41aa8cccb9cf56841bb3214b82140dbb3be77fe63a98cbe78d62d88d46c912249a87da608

  • SSDEEP

    1536:j+RzHJWCvTVDiJCiKe1URmO6iP7Yys+IKPSIM0YslysxPg0cq3OebG9cTD2jc67C:eWC1GTKeWZ7YrKFM0YIy1X0d

Malware Config

Extracted

Family

pony

C2

http://174.140.171.147/pony/gate.php

http://69.194.196.49/pony/gate.php

Attributes
  • payload_url

    http://talentquest.com.mx/1MPj.exe

    http://eqsync.com/48QUMsb.exe

    http://zirmatech.com.br/9exoNyD3.exe

    http://apostagol1.web102.f1.k8.com.br/782V.exe

Targets

    • Target

      17094cf837e4de81a7a3eea67171a9c5_JaffaCakes118

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks