Overview

overview

10

Static

static

3

5e93246d23...18.exe

windows7-x64

10

5e93246d23...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e93246d234d3c9af0098a1fdaa41cd3_JaffaCakes118

  • Size

    124KB

  • Sample

    240729-zdjqkatdqh

  • MD5

    5e93246d234d3c9af0098a1fdaa41cd3

  • SHA1

    3c1e4201a63fc0b47769d298858b33c1a17539ad

  • SHA256

    c13017d1ac5dea80c209e2dc794c76b89338d0e3550366125d4a877be566a830

  • SHA512

    b2899033e701c725623b707b2c495b42561a21f3c1f30302a727aa97b54e03dcdce91e76b707a284a1ec65ceeb3a33be33e66483ecaba4e3f5e17bea9a1865f3

  • SSDEEP

    1536:saGC8kebxhvM2i0+lyy/Hh9P509FLGMG2+FbXY20m510MRuU7fUtQh8xvk2e4Qld:okebxGlt9B09v+miilYIQhIVFQlaxA

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://91.220.35.125/internet_goo.php

http://209.236.67.163/8bd7d5194/wergwrg3gwer

http://209.236.67.163/8bd7d5194/rebhg542

http://209.236.67.163/8bd7d5194/wert34g45ht

http://209.236.67.163/8bd7d5194/brgn424t235

http://209.236.67.163/8bd7d5194/werghw45gwe

Targets

    • Target

      5e93246d234d3c9af0098a1fdaa41cd3_JaffaCakes118

    • Size

      124KB

    • MD5

      5e93246d234d3c9af0098a1fdaa41cd3

    • SHA1

      3c1e4201a63fc0b47769d298858b33c1a17539ad

    • SHA256

      c13017d1ac5dea80c209e2dc794c76b89338d0e3550366125d4a877be566a830

    • SHA512

      b2899033e701c725623b707b2c495b42561a21f3c1f30302a727aa97b54e03dcdce91e76b707a284a1ec65ceeb3a33be33e66483ecaba4e3f5e17bea9a1865f3

    • SSDEEP

      1536:saGC8kebxhvM2i0+lyy/Hh9P509FLGMG2+FbXY20m510MRuU7fUtQh8xvk2e4Qld:okebxGlt9B09v+miilYIQhIVFQlaxA

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealerupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks