Overview

overview

10

Static

static

1

ed7bd4321e...18.exe

windows7-x64

10

ed7bd4321e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed7bd4321ee51e5762d8f0b748686460_JaffaCakes118

  • Size

    108KB

  • Sample

    240920-nkymhsthkn

  • MD5

    ed7bd4321ee51e5762d8f0b748686460

  • SHA1

    825b9b4cc222321a28b25e57efc4bb9ee903f537

  • SHA256

    122698737d586955bf4960c60239eae59620d2030809fc0b03decd4e6112a895

  • SHA512

    aa40630ba90a7893270241608a3c32b352e9c6e6016d9abb8b47cc1c60f176b5c78123c874532117fe1efc3cb1fef4442f283f09b74fc3c16abdfbffb4190632

  • SSDEEP

    3072:OFF3wQ1kYCp/GzuubC3ZiGqcxYjH/4eBHs1I:qw9Tp/GDm3GBjH/zd

Score
10/10
ponycredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://200.72.183.54:81/pony/gate.php

http://91.121.84.204:8080/pony/gate.php
Attributes
  • payload_url

    http://astrum-rybka.ru/CUyfRYaU/JrhtN.exe

    http://hermesdiepenbeek.be/5sGmi7RJ/ZSY.exe

    http://mysophiebiz.co.cc/m2bmBf3r/q1z.exe

Targets

    • Target

      ed7bd4321ee51e5762d8f0b748686460_JaffaCakes118

    • Size

      108KB

    • MD5

      ed7bd4321ee51e5762d8f0b748686460

    • SHA1

      825b9b4cc222321a28b25e57efc4bb9ee903f537

    • SHA256

      122698737d586955bf4960c60239eae59620d2030809fc0b03decd4e6112a895

    • SHA512

      aa40630ba90a7893270241608a3c32b352e9c6e6016d9abb8b47cc1c60f176b5c78123c874532117fe1efc3cb1fef4442f283f09b74fc3c16abdfbffb4190632

    • SSDEEP

      3072:OFF3wQ1kYCp/GzuubC3ZiGqcxYjH/4eBHs1I:qw9Tp/GDm3GBjH/zd

    Score
    10/10
    ponycredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks