Overview

overview

10

Static

static

3

d1b269eb4a...18.exe

windows7-x64

10

d1b269eb4a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1b269eb4abbac81247a88d44e73cdf5_JaffaCakes118

  • Size

    153KB

  • Sample

    240907-mbhdhaygpe

  • MD5

    d1b269eb4abbac81247a88d44e73cdf5

  • SHA1

    d1af2bdd03a3db7f4197090b58ffd1ff64a3ccea

  • SHA256

    424f1080277881ce90b729879cd41dd24ebba1d4f60c1355f7a0e1299f655fca

  • SHA512

    352ccd4218719c72f6c0f1909345d52224edfcb060d48846cfa7498a097bca9dd5c434b9edd0b61ae54ccae52156bde950a01c08da59a8ac9538ae1032da6366

  • SSDEEP

    3072:Cu7gSVoTNFNHkae50au8H7yEgZ0Md9q35G6e:CuZVoTNFVm50au8HSZz9q3Y6

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://216.231.139.111/forum/viewtopic.php
Attributes
  • payload_url

    http://acwebnet.com/cueT50r.exe

    http://grandfoolsderby.com/k3Jz2.exe

    http://www.fahrsicherheit-cardrive.de/ZGg.exe

Targets

    • Target

      d1b269eb4abbac81247a88d44e73cdf5_JaffaCakes118

    • Size

      153KB

    • MD5

      d1b269eb4abbac81247a88d44e73cdf5

    • SHA1

      d1af2bdd03a3db7f4197090b58ffd1ff64a3ccea

    • SHA256

      424f1080277881ce90b729879cd41dd24ebba1d4f60c1355f7a0e1299f655fca

    • SHA512

      352ccd4218719c72f6c0f1909345d52224edfcb060d48846cfa7498a097bca9dd5c434b9edd0b61ae54ccae52156bde950a01c08da59a8ac9538ae1032da6366

    • SSDEEP

      3072:Cu7gSVoTNFNHkae50au8H7yEgZ0Md9q35G6e:CuZVoTNFVm50au8HSZz9q3Y6

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks