General

  • Target

    530617eb4e8539377f0528f4062f8790_JaffaCakes118

  • Size

    89KB

  • Sample

    240729-t5zcfaxhnk

  • MD5

    530617eb4e8539377f0528f4062f8790

  • SHA1

    02998856ea8529382941e8ef6b8b8c74d2699326

  • SHA256

    38ad75b1f16ff8ad37e779802b3979d5dbc8ebe9b4b17e1eec20bde4a9e7417e

  • SHA512

    6c4e7c41f89cbaacdde47d9cba5790a9dea22a01b229d35e3e9d4ec34d5b7e1aae96bcebfebdb80cd34ea05715d029c1e7c2da364879dc5f0b9c55cdef91cadc

  • SSDEEP

    1536:6Dh3csBGoHqT/T6099z9pvBV+miuQSzy5uOekEuTvGE6dkzZt:yhbX299z9dBV+NJAOexhE6et

Malware Config

Extracted

Family

pony

C2

http://forum-voip.com:8080/ponyb/gate.php

http://forum-voip.net:8080/ponyb/gate.php

http://paralysiesfaciale.com:8080/ponyb/gate.php

http://paralysiesfaciales.com:8080/ponyb/gate.php

Attributes

  • payload_url

    http://elektroinvest.com.mk/wo5.exe

    http://cerram.es/222Xu.exe

    http://alina-schmitt.de/qJ1qhU.exe

    http://smallbizsuccessguide.com/g6XiC.exe

    http://pastamutfagi.com/up0UEB.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks