General

  • Target

    18e80182e25bd0fa4d1704f3e27d2e23_JaffaCakes118

  • Size

    172KB

  • Sample

    240628-fxc8cawajj

  • MD5

    18e80182e25bd0fa4d1704f3e27d2e23

  • SHA1

    68dc25968144021c2da69a8e86dff438a1d973b5

  • SHA256

    a371540f706bed5b7db8f7a50e7a83da16081b002bcf38b5c534d98b9642b5ed

  • SHA512

    bacbd9d2544166b5d09e578cf490cbce2367669fc959605bd2c27b6c98f1ef81eca3ca04d07b5353fe14b8e5a6619182234e46f6e14389a0ba444bfc9cae0b88

  • SSDEEP

    1536:hotw+CNiaKMHhTwpXI9oEc8dXie1kqjfmtsWFj/YUpmYBb+kFeHn9Az:h1+eia5clIY5Gfmia/YUpmYBb+kF

Malware Config

Extracted

Family

pony

C2

http://212.58.20.11/forum/viewtopic.php

http://69.194.193.149/forum/viewtopic.php

Attributes
  • payload_url

    http://belmondi.com.br/hm7Gj7.exe

    http://andbengalievents.com/EAi7.exe

    http://haworthhawks.co.uk/UoUD.exe

Targets

    • Target

      18e80182e25bd0fa4d1704f3e27d2e23_JaffaCakes118

    • Size

      172KB

    • MD5

      18e80182e25bd0fa4d1704f3e27d2e23

    • SHA1

      68dc25968144021c2da69a8e86dff438a1d973b5

    • SHA256

      a371540f706bed5b7db8f7a50e7a83da16081b002bcf38b5c534d98b9642b5ed

    • SHA512

      bacbd9d2544166b5d09e578cf490cbce2367669fc959605bd2c27b6c98f1ef81eca3ca04d07b5353fe14b8e5a6619182234e46f6e14389a0ba444bfc9cae0b88

    • SSDEEP

      1536:hotw+CNiaKMHhTwpXI9oEc8dXie1kqjfmtsWFj/YUpmYBb+kFeHn9Az:h1+eia5clIY5Gfmia/YUpmYBb+kF

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks