General

  • Target

    e83af09e7f56e037a2221633e956a041_JaffaCakes118

  • Size

    126KB

  • Sample

    240918-dw7pfs1bnk

  • MD5

    e83af09e7f56e037a2221633e956a041

  • SHA1

    a4f0227cc66f20a4e62aabbc0c75f7bbaa0713ba

  • SHA256

    88a540af6f363841400eb924ec6e09d6b9e034fe9f7aeea4749d68951768df74

  • SHA512

    c515e51fda737c815f0fe425bdba8071b614f81721ad2c5676ae1f85f27a94abb1be35033ee5c03908f9e690f6c146a8cad4fd722fb02c04bafe72b671e2d9aa

  • SSDEEP

    1536:hLpmst1IypB7rlr9TeBxmdOsW5QnbVapCgXUFwieapTcS2NsJWTrkye5aSO/CvCq:znIAt51eBxmdu+papNwwiDchkWPOsBA

Malware Config

Extracted

Family

pony

C2

http://200.72.183.54:81/pony/gate.php

http://91.121.84.204:8080/pony/gate.php

Attributes

  • payload_url

    http://proyectoindio.org/7Qo.exe

    http://astronomika.com/493.exe

    http://12am.ro/0iZDFn1.exe

Targets

    • Target

      e83af09e7f56e037a2221633e956a041_JaffaCakes118

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks
