Overview

overview

10

Static

static

3

e3d0921f06...18.exe

windows7-x64

10

e3d0921f06...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3d0921f068e3a8608a644b5c8972f77_JaffaCakes118

  • Size

    157KB

  • Sample

    240916-cje81atfja

  • MD5

    e3d0921f068e3a8608a644b5c8972f77

  • SHA1

    e29a836c7edec6f2fdc80de5bef82efc49d4d247

  • SHA256

    022d583860359434b074fbdd67da6ec7700b9ebb1b740c5c0d62c75cb7662120

  • SHA512

    a8dc9b1f755fe1868d552e1965dbf2b966c64bb475c53437836ab2bf4449a1c61e2ac34694e82fd8e3e55629a5b21471ebe2e6ed00a0c01cee3734b1641dfd6c

  • SSDEEP

    3072:KmH9OQoTNF3M6C53V4LOEEHggJMdDkhpwX4qOHy:KmHRoTNFc53V4LAAgEywXn2

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://69.194.193.166/forum/viewtopic.php
Attributes
  • payload_url

    http://acwebnet.com/cueT50r.exe

    http://grandfoolsderby.com/k3Jz2.exe

    http://www.fahrsicherheit-cardrive.de/ZGg.exe

Targets

    • Target

      e3d0921f068e3a8608a644b5c8972f77_JaffaCakes118

    • Size

      157KB

    • MD5

      e3d0921f068e3a8608a644b5c8972f77

    • SHA1

      e29a836c7edec6f2fdc80de5bef82efc49d4d247

    • SHA256

      022d583860359434b074fbdd67da6ec7700b9ebb1b740c5c0d62c75cb7662120

    • SHA512

      a8dc9b1f755fe1868d552e1965dbf2b966c64bb475c53437836ab2bf4449a1c61e2ac34694e82fd8e3e55629a5b21471ebe2e6ed00a0c01cee3734b1641dfd6c

    • SSDEEP

      3072:KmH9OQoTNF3M6C53V4LOEEHggJMdDkhpwX4qOHy:KmHRoTNFc53V4LAAgEywXn2

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks