Overview

overview

10

Static

static

10

cb4b5cc9be...18.exe

windows7-x64

10

cb4b5cc9be...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb4b5cc9be5643cfecb078df2edd39e3_JaffaCakes118

  • Size

    89KB

  • Sample

    240830-vvr12svhle

  • MD5

    cb4b5cc9be5643cfecb078df2edd39e3

  • SHA1

    9359fccd08f9cba6944ca9753c7acfa6b45a3c2c

  • SHA256

    a7eb4789e2037b1e012b9679d4b6d2c8e566b12e0377fbb98d7ba11c8953a8ee

  • SHA512

    404c4252026e35df86d2e684adcedfd158d9468c13767b3a2cd406808711ce9910662820be38fe7295bdd323d5827b9c1f3e8f3cc6e38673470d8c5c827f3601

  • SSDEEP

    1536:uwgC+7MqTeC1qywGUeiTyFtxyy8qgM6XIPFOL5DATvYEQZkzmq+L:jgV8yw/Tyd8RqOHEQlj

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://cloud.social-neos.eu:8080/ponyb/gate.php

http://eyon-neos.eu:8080/ponyb/gate.php

http://quest.social-neos.eu:8080/ponyb/gate.php

http://social-neos.eu:8080/ponyb/gate.php

Targets

    • Target

      cb4b5cc9be5643cfecb078df2edd39e3_JaffaCakes118

    • Size

      89KB

    • MD5

      cb4b5cc9be5643cfecb078df2edd39e3

    • SHA1

      9359fccd08f9cba6944ca9753c7acfa6b45a3c2c

    • SHA256

      a7eb4789e2037b1e012b9679d4b6d2c8e566b12e0377fbb98d7ba11c8953a8ee

    • SHA512

      404c4252026e35df86d2e684adcedfd158d9468c13767b3a2cd406808711ce9910662820be38fe7295bdd323d5827b9c1f3e8f3cc6e38673470d8c5c827f3601

    • SSDEEP

      1536:uwgC+7MqTeC1qywGUeiTyFtxyy8qgM6XIPFOL5DATvYEQZkzmq+L:jgV8yw/Tyd8RqOHEQlj

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks