General

  • Target

    1848353afd6a5f6cb7f80cc6a5cf88b3_JaffaCakes118

  • Size

    144KB

  • Sample

    240628-bsztbswcpk

  • MD5

    1848353afd6a5f6cb7f80cc6a5cf88b3

  • SHA1

    762ec4fd1d04ab5e8d461dc981f5292ddc812748

  • SHA256

    d4a6dfe5a3f06b967cd2e30da6b8a2c63c09a123f95ba94967e79a38d6442137

  • SHA512

    eccd9aa075b83ea502714cb3791ec6c1672e746f7262fcd49f17e354b794b44a9b8f8d2210d8e2d9edc1e9c4e605d99a6a6eb8054c19924d1a3f088b169368c7

  • SSDEEP

    3072:pLLCrFC44CcC6tArw/KLkuZBN9ePlQ+GZPc/dDX:AkCc7/IkuZB7edfh/9

Malware Config

Extracted

Family

pony

C2

http://www.alberghi.com:8080/pony/gate.php

http://buyandsmile.atomclick.co:8080/pony/gate.php

Attributes

  • payload_url

    http://seooptimizacija.lt/25Gtbkom/J6rZLPSs.exe

    http://ftp.intervene.com.br/in2y208u/atv.exe

    http://gecelereakalim.com/tmXZ0JgG/cTn.exe

Targets

    • Target

      1848353afd6a5f6cb7f80cc6a5cf88b3_JaffaCakes118

    • Size

      144KB

    • MD5

      1848353afd6a5f6cb7f80cc6a5cf88b3

    • SHA1

      762ec4fd1d04ab5e8d461dc981f5292ddc812748

    • SHA256

      d4a6dfe5a3f06b967cd2e30da6b8a2c63c09a123f95ba94967e79a38d6442137

    • SHA512

      eccd9aa075b83ea502714cb3791ec6c1672e746f7262fcd49f17e354b794b44a9b8f8d2210d8e2d9edc1e9c4e605d99a6a6eb8054c19924d1a3f088b169368c7

    • SSDEEP

      3072:pLLCrFC44CcC6tArw/KLkuZBN9ePlQ+GZPc/dDX:AkCc7/IkuZB7edfh/9

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks