Overview

overview

10

Static

static

10

4a86707442...18.exe

windows7-x64

10

4a86707442...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a867074425165fe805ac94a633a5c90_JaffaCakes118

  • Size

    92KB

  • Sample

    240729-q8va4svhrb

  • MD5

    4a867074425165fe805ac94a633a5c90

  • SHA1

    98812a71f92cf640d1eb2b2f63aeb7dec99fc414

  • SHA256

    c0e7271c4b32d95504b7622335144af32785d45b81d88d91ae3d2688733f0e73

  • SHA512

    3f4971edc4845e55bc7e63ada9ed678c93a3325afa9fed2f29182e867afdedcef46402a2170e805af17a154e61c9278411cae0ed7b55e368938555d3470e3841

  • SSDEEP

    1536:4uzaltfBSqTcPNDC94OjrL6dw0Yzp5SkzzVSZUdfFvQchyS+OOo+dTvOECBVkzmG:pypAbOjrb0Yzp5SwQZUvR+Od3ECbG

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://weshift.net:8080/forum/viewtopic.php

http://207.58.180.139:8080/forum/viewtopic.php

http://aoc.fm:8080/forum/viewtopic.php

http://changepioneers.at:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://www.myappie.com/csAm.exe

    http://eco-build.gr/7nX7Wqm.exe

    http://163756.webhosting63.1blu.de/2uKiv.exe

Targets

    • Target

      4a867074425165fe805ac94a633a5c90_JaffaCakes118

    • Size

      92KB

    • MD5

      4a867074425165fe805ac94a633a5c90

    • SHA1

      98812a71f92cf640d1eb2b2f63aeb7dec99fc414

    • SHA256

      c0e7271c4b32d95504b7622335144af32785d45b81d88d91ae3d2688733f0e73

    • SHA512

      3f4971edc4845e55bc7e63ada9ed678c93a3325afa9fed2f29182e867afdedcef46402a2170e805af17a154e61c9278411cae0ed7b55e368938555d3470e3841

    • SSDEEP

      1536:4uzaltfBSqTcPNDC94OjrL6dw0Yzp5SkzzVSZUdfFvQchyS+OOo+dTvOECBVkzmG:pypAbOjrb0Yzp5SwQZUvR+Od3ECbG

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks