General

  • Target

    84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118

  • Size

    118KB

  • MD5

    84a2ff961acfeb0d4ef598243c3c4616

  • SHA1

    afdc3903b4d55a7a22659073e6252df390ddbf64

  • SHA256

    fadf22ab8a361e7e1cee577c6cbf3a36f6e613f858946774af02ea9ffac896f4

  • SHA512

    f619b13b46f48fc8f1b567c867e01a2b162c6120d85672494e76fd83a003bd04819e7445cff91551a81d75ca4894de33b6e2539781033587db858b44752f55c1

  • SSDEEP

    1536:RuSOnbBjD3sqTEIZwDJ8214vP0EH0PBV2VmtZOLxpITvSc9JEQSkzm+D9UynUwvJ:4SO13xKW214vPo5bO9vcHEQK+DeyUwv

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://web-plasa.com/2/3/xxx/gate.php

Attributes
  • payload_url

    http://176.74.218.47/winAPI.exe
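The two network indicators above (the Pony C2 gate and the payload URL) are what an analyst pivots into proxy or web logs. The script below is an added example, not part of the sandbox report: it normalises each indicator to a (host, path) key and matches constructed Squid-style access log lines against them, flagging exact hits separately from other traffic to the same host so related infrastructure still surfaces. The log lines are constructed for illustration; only the two URLs come from the report.

```python
"""Pivot the extracted Pony network IOCs into proxy logs.

Added example, not part of the sandbox report. The log lines below are
constructed for illustration; the C2 and payload URLs are the ones the
report lists for this sample.
"""
from urllib.parse import urlsplit

# Network IOCs exactly as listed in the report's Malware Config section.
IOCS = {
    "c2": "http://web-plasa.com/2/3/xxx/gate.php",
    "payload_url": "http://176.74.218.47/winAPI.exe",
}

# Constructed Squid-style access log lines (not from the report):
# <timestamp> <client-ip> <method> <url> <status>
SAMPLE_LOG = """\
1700000000.101 10.0.0.12 GET http://www.example.com/index.html 200
1700000000.250 10.0.0.12 GET http://176.74.218.47/winAPI.exe 200
1700000000.900 10.0.0.12 POST http://web-plasa.com/2/3/xxx/gate.php 200
1700000001.300 10.0.0.44 GET http://web-plasa.com/ 200
1700000002.000 10.0.0.12 POST http://WEB-PLASA.COM/2/3/xxx/gate.php?x=1 200
"""


def url_key(url):
    """Normalise a URL to (lowercase host, path); scheme, port and query are ignored."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


def match_iocs(log_text, iocs):
    """Return one hit per log line whose host matches an IOC host.

    A hit is tagged 'exact' when the path also matches and 'host-only'
    otherwise, so other requests to the same infrastructure are kept
    for triage instead of being silently dropped.
    """
    ioc_keys = {name: url_key(u) for name, u in iocs.items()}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        ts, client, method, url, _status = fields[:5]
        host, path = url_key(url)
        for name, (ioc_host, ioc_path) in ioc_keys.items():
            if host != ioc_host:
                continue
            hits.append({
                "ts": ts, "client": client, "method": method, "ioc": name,
                "match": "exact" if path == ioc_path else "host-only",
            })
    return hits


def infected_clients(hits):
    """Clients with an exact C2 hit: the ones that actually checked in, not just browsed the domain."""
    return sorted({h["client"] for h in hits if h["ioc"] == "c2" and h["match"] == "exact"})


if __name__ == "__main__":
    found = match_iocs(SAMPLE_LOG, IOCS)
    for hit in found:
        print(hit)
    print("clients with C2 check-in:", infected_clients(found))
```

Matching on host rather than the full URL string is deliberate: the gate path can carry a query string or differ in case in the host part, and a host-only hit (here 10.0.0.44 fetching the site root) is still worth a look even though it is not a check-in.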

Signatures

  • Pony family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
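The "Unsigned PE" signature reduces to one PE header lookup: an Authenticode signature is stored in the Certificate Table, data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), whose first field is a raw file offset rather than an RVA. The script below is an added example, not the sandbox's own rule: it parses the headers with nothing but `struct`, reports whether the table is populated, and also catches a table that points outside the file. Both PE images it checks are constructed in-line (a minimal PE32 with no sections, with and without a placeholder WIN_CERTIFICATE appended), so it runs without the real sample; presence of the table is all it establishes, not that the signature is valid.

```python
"""Check a PE image for the presence of an Authenticode signature.

Added example, not from the sandbox report or its analysis engine.
The PE images below are constructed in-line so the script runs offline;
they are not derived from the analysed sample.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Certificate Table slot in the data directories
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode uses PKCS#7 SignedData


def authenticode_status(data):
    """Describe the Certificate Table of a PE image.

    'signed' is True only when directory entry 4 points at a
    WIN_CERTIFICATE header of the PKCS#7 type that fits inside the file.
    Signature validity is deliberately out of scope.
    """
    result = {"signed": False, "reason": ""}
    if len(data) < 0x40 or data[:2] != b"MZ":
        result["reason"] = "not a PE file (no MZ header)"
        return result
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        result["reason"] = "bad PE signature"
        return result
    opt = e_lfanew + 4 + 20                      # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                           # PE32
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        result["reason"] = "unknown optional header magic 0x%x" % magic
        return result
    n_dirs = struct.unpack_from("<I", data, nrva_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > len(data):
        result["reason"] = "no Certificate Table directory entry"
        return result
    cert_off, cert_size = struct.unpack_from("<II", data, entry)
    if cert_off == 0 or cert_size == 0:
        result["reason"] = "Certificate Table empty: unsigned"
        return result
    result.update(cert_offset=cert_off, cert_size=cert_size)
    if cert_size < 8 or cert_off + cert_size > len(data):
        result["reason"] = "Certificate Table points outside the file"
        return result
    length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    result.update(win_cert_length=length, revision=revision, cert_type=cert_type)
    if cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        result["reason"] = "certificate entry is not PKCS#7 SignedData"
        return result
    result["signed"] = True
    result["reason"] = "Certificate Table present (signature not validated here)"
    return result


def build_pe(signature=b""):
    """Construct a minimal PE32 image with no sections (constructed test data).

    When 'signature' is non-empty, a WIN_CERTIFICATE wrapping it is appended
    and referenced from data directory entry 4, as a signing tool would do.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff + opt
    if not signature:
        return bytes(image)
    cert = struct.pack("<IHH", 8 + len(signature), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + signature
    entry = 0x40 + 4 + 20 + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    struct.pack_into("<II", image, entry, len(image), len(cert))  # file offset + size of the table
    return bytes(image + cert)


if __name__ == "__main__":
    print("unsigned :", authenticode_status(build_pe()))
    print("signed   :", authenticode_status(build_pe(b"<constructed PKCS#7 placeholder>")))
    print("truncated:", authenticode_status(build_pe(b"<constructed PKCS#7 placeholder>")[:-4]))
```

The truncated case matters in practice: a file cut short in transit, or a table entry left dangling by a packer, has a non-zero directory entry but no usable certificate, and a naive "entry is non-zero, therefore signed" check would misclassify it.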

Files

  • 84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections