General

  • Target

    e7300abfa596757735ea820bb31528b2_JaffaCakes118

  • Size

    144KB

  • Sample

    240917-tfstcs1fpb

  • MD5

    e7300abfa596757735ea820bb31528b2

  • SHA1

    61dfc1d880a2259b3c99be9ccd862314a60b33fe

  • SHA256

    6556c619ea5693a31f96f5c5f207d4796fd75bbf90914ece901b07971bfa4501

  • SHA512

    9003a3e3020981e7dbf45f25af0009c16602c9d4fea470fb286a8a8e2b1e4d717f831f40e5c25813c785269c094d8e518d7438112f520b77aca52da85607faa8

  • SSDEEP

    3072:0jlKZelTD6X0PbG9ZfgD40H5nAwbuw+aw3gpaJafzud:4welS4bGjfOxtzbCWasbU

Malware Config

Extracted

Family

pony

C2

http://74.53.97.66:8080/forum/viewtopic.php

http://74.53.97.67:8080/forum/viewtopic.php

Attributes
  • payload_url

    http://underthepickletree.com.au/kmjeYdop.exe

    http://suntime.gr/Vxpy.exe

    http://www.luxurytimedistribution.com/QGp2J.exe

    http://erally.ro/dKXV3.exe

    http://autoinsurancequotest.org/vaqKy.exe

    http://thestoremilano.com/TaVnSz14.exe

Targets

    • Target

      e7300abfa596757735ea820bb31528b2_JaffaCakes118

    • Size

      144KB

    • MD5

      e7300abfa596757735ea820bb31528b2

    • SHA1

      61dfc1d880a2259b3c99be9ccd862314a60b33fe

    • SHA256

      6556c619ea5693a31f96f5c5f207d4796fd75bbf90914ece901b07971bfa4501

    • SHA512

      9003a3e3020981e7dbf45f25af0009c16602c9d4fea470fb286a8a8e2b1e4d717f831f40e5c25813c785269c094d8e518d7438112f520b77aca52da85607faa8

    • SSDEEP

      3072:0jlKZelTD6X0PbG9ZfgD40H5nAwbuw+aw3gpaJafzud:4welS4bGjfOxtzbCWasbU

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.