General

  • Target

    1d6de264abd04c3646bc5f90ee35f900_JaffaCakes118

  • Size

    69KB

  • Sample

    240728-xghxbsyckl

  • MD5

    1d6de264abd04c3646bc5f90ee35f900

  • SHA1

    497fd2f1d8bc50fe0983c78e3a1387814e7c4d07

  • SHA256

    f5c7b679d39e13513efaa6538568a10e9cd55bb1ce262a7a7d0f94836d0f523a

  • SHA512

    62fec82f1580047bd1cd8a4d6b7ce6a86a7048b53e00edfa6fca112c5eadba1923b0edc4c5cacd2cf39868d7ef9fd74caf3ca661ac6b6db94cc708e8b0a15f4d

  • SSDEEP

    1536:+QeZdNpEVR/8/I1adZxB6Et8h0wLvVKsG9ynnkVTUXp6R0w8jq/xLGCLL:+QevEz/8/I1a36KK7cmUTU54xLGCn

Malware Config

Extracted

Family

pony

C2

http://174.140.167.107/forum/viewtopic.php

http://173.245.7.230/forum/viewtopic.php

Attributes
  • payload_url

    http://dechotheband.gr/5Wjm3iV2.exe

    http://alpertarimurunleri.com/rRq.exe

    http://kuntticaret.com/v6e7WMJ.exe

    http://rumanas.org/1vAWoxz3.exe

    http://www.10130138.wavelearn.de/4pxp.exe

    http://184.107.222.147/c6uHT1.exe

    http://visiosofttechnologies.com/iDm9vs.exe

    http://autogold.com/oft4wna.exe

    http://plusloinart.be/Ue7cHNm.exe

    http://marengoit.pl/ZBrBpBh2.exe

Targets

    • Target

      NACHA-Electronic-Payment-System-report-ID342234E344F456643111E234F45566433.pdf.exe

    • Size

      104KB

    • MD5

      d74009b4aa9244aa28fe58f4923448f0

    • SHA1

      a564c103003a721f907ddd2c1aa5c021cdde2add

    • SHA256

      67ea2672944096c1c1bbd2990881c95d05ddb8351597231d3027c1766bd06f38

    • SHA512

      fe49c680436cdd96dcb802ce858add849744cf08fb1fb168607ec62500519cb6174b440ad191d650650ca0cf27906cb3aa8f88fb5287ba59447734cd5d83c3fd

    • SSDEEP

      3072:mWs1Px8w2x2bJMXGh17MPKy0KNKJ5OMvfW:mWsNx8wU2+Gh17CKjKNWbfW

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks