General

  • Target

    874d8b2703d50341a266a2061f009c10_JaffaCakes118

  • Size

    90KB

  • MD5

    874d8b2703d50341a266a2061f009c10

  • SHA1

    753793de258e7e720e3753fb6af62cc488235ade

  • SHA256

    2655552492172001ff7e1955372e1460d20ad37b1e22773bc846ec9b302a433c

  • SHA512

    b75d9fc31f41570fdb58489932846523e792117c984b154c3ae81327e51011331382e57df37b9e928c44b0dc3bbbfa8d2781da981e054b137504801176877c8c

  • SSDEEP

    1536:XZY3gY7nyxqTL2YqLMc2SIzLYswaHEu0CtIYa9OtkrQTvCEazkzZL:JQlnyBMc2SIzLvwakp1OtePEa8L

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://6.negutterkings.org/forum/viewtopic.php

http://6.nomoreicedams.com/forum/viewtopic.php

Attributes
  • payload_url


Signatures

  • Pony family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 874d8b2703d50341a266a2061f009c10_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    2c8567c932832b8c3359ddf9343a4028

