Overview

overview

10

Static

static

3

ddb20e7027...18.exe

windows11-21h2-x64

10

Resubmissions

13-09-2024 04:57

240913-flleksvgrl 10

13-09-2024 04:54

240913-fjm6dswbje 10

13-09-2024 04:42

240913-fbqasavgna 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddb20e7027d2af065ea1ada53ecbb50f_JaffaCakes118

  • Size

    153KB

  • Sample

    240913-fjm6dswbje

  • MD5

    ddb20e7027d2af065ea1ada53ecbb50f

  • SHA1

    c8b3c5d4cb6d83c28417b0648a74be6fb15328bc

  • SHA256

    6febf4f2b8682305dc5a5ee9acf5118da5dd1dcf1f143a141b1ccc08055c1ee4

  • SHA512

    9f9bc3be661dbce8fd102564fdf12ab1e4f60aeb6bb30005d432bd506c02737191ba81fa7fcc78ff195bf8152db4e13051d8141043369c07188ed16237f8f989

  • SSDEEP

    3072:QG67gSVoTNFNHkae50au8H7yEgZ0Md9q35G+g:QG6ZVoTNFVm50au8HSZz9q3Y+

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://216.231.139.111/forum/viewtopic.php
Attributes
  • payload_url

    http://acwebnet.com/cueT50r.exe

    http://grandfoolsderby.com/k3Jz2.exe

    http://www.fahrsicherheit-cardrive.de/ZGg.exe

Targets

    • Target

      ddb20e7027d2af065ea1ada53ecbb50f_JaffaCakes118

    • Size

      153KB

    • MD5

      ddb20e7027d2af065ea1ada53ecbb50f

    • SHA1

      c8b3c5d4cb6d83c28417b0648a74be6fb15328bc

    • SHA256

      6febf4f2b8682305dc5a5ee9acf5118da5dd1dcf1f143a141b1ccc08055c1ee4

    • SHA512

      9f9bc3be661dbce8fd102564fdf12ab1e4f60aeb6bb30005d432bd506c02737191ba81fa7fcc78ff195bf8152db4e13051d8141043369c07188ed16237f8f989

    • SSDEEP

      3072:QG67gSVoTNFNHkae50au8H7yEgZ0Md9q35G+g:QG6ZVoTNFVm50au8HSZz9q3Y+

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks