Overview

overview

10

Static

static

10

ee29b887eb...18.exe

windows7-x64

10

ee29b887eb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee29b887ebd59aeb23823adfc6e0d867_JaffaCakes118

  • Size

    103KB

  • Sample

    240920-wvq97azhnp

  • MD5

    ee29b887ebd59aeb23823adfc6e0d867

  • SHA1

    7e39dee774d3f705d7acefb5318e0b5af602641d

  • SHA256

    82fdbb556b931404318c54f2ae248797c33fde6ebf23fabc0ba75dc0eff43c71

  • SHA512

    c6cf7eb67419ec807f249c6b06ff39c44880204aaa0122e59dc18323f83496a24cdb674d41e354336728e4d07c8c9edc005829b315ddddb1b5d6ce2e417537fb

  • SSDEEP

    1536:nDTi4mJqTHvzWPk5+/RxEvaGmuVE3YpZMOjMnQTvYEQhkzZPwMhw:DTq7k5+/RivbmCETOjgEQKPwp

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://182.23.41.20:8080/pony/gate.php

http://108.178.59.15/pony/gate.php
Attributes
  • payload_url

    http://bellaprobeauty.com/TUZCpyj.exe

    http://safarietplatinium.com.ve/NRs3pZfy.exe

    http://freegermanpornsex.com/YiHVUjb.exe

Targets

    • Target

      ee29b887ebd59aeb23823adfc6e0d867_JaffaCakes118

    • Size

      103KB

    • MD5

      ee29b887ebd59aeb23823adfc6e0d867

    • SHA1

      7e39dee774d3f705d7acefb5318e0b5af602641d

    • SHA256

      82fdbb556b931404318c54f2ae248797c33fde6ebf23fabc0ba75dc0eff43c71

    • SHA512

      c6cf7eb67419ec807f249c6b06ff39c44880204aaa0122e59dc18323f83496a24cdb674d41e354336728e4d07c8c9edc005829b315ddddb1b5d6ce2e417537fb

    • SSDEEP

      1536:nDTi4mJqTHvzWPk5+/RxEvaGmuVE3YpZMOjMnQTvYEQhkzZPwMhw:DTq7k5+/RivbmCETOjgEQKPwp

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks