General

  • Target: f31a28e412684d5de4da57a730cf3a1e_JaffaCakes118
  • Size: 89KB
  • Sample: 240924-h4j1ksyfqb
  • MD5: f31a28e412684d5de4da57a730cf3a1e
  • SHA1: ab4145f853f0a870f4207a98583585af1db8bb58
  • SHA256: a38a4d39a9e5f3284495c9ea5c11011b502a792c456d430fd5c4551b57acba58
  • SHA512: e390925cc67df788c34c6df5a5e8fc4cf38ef8a971f727f24f88ec69ae7ae0764e2277081b667766b78a7dbec347d4022ff2dc16ef64696676ee5a9f87a2321a
  • SSDEEP: 1536:2OR3cfxIJdqTajQLbNz96fo1sguQYffSxQjiJuO5EPZTv2EapkzZ0V:TxquCbNz9qo1xpWO568Eai6

Malware Config

Extracted

Family: pony

C2:
  • http://78.47.136.74:8080/ponyd/gate.php
  • http://173.214.223.20:8080/ponyd/gate.php
  • http://4.valuecrem.com/ponyd/gate.php
  • http://4.vilcor.com/ponyd/gate.php

Attributes
  • payload_url:
    http://nhb.irptd.org.in/yEA.exe
    http://www.xn--finanzhausfrst-qsb.de/iRM.exe
    http://stockinter.intersport.es/MU4jW3pk.exe
    http://nietypowydom.pl/7Pi.exe
    http://calculasdata.com/RQdkai.exe
    http://63.135.106.249/xrpc.exe

Targets

    • Pony, Fareit

      Pony (also tracked as Fareit) is a Remote Access Trojan that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files on the system.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15