General

  • Target

    f4546159b4f741ccf691a501152c4a60_JaffaCakes118

  • Size

    88KB

  • Sample

    240924-xyldsazgkm

  • MD5

    f4546159b4f741ccf691a501152c4a60

  • SHA1

    a562a95199986ef58e9e989ab884edd51e5e630e

  • SHA256

    d7717d153bc54916361f2f43445063f764c6afdbd8bc571247b0e43a78d5d1f9

  • SHA512

    347a21dc09e62c4a41d8d2cb822860dc871b126315da2f7c8b9e19b701579cef8853d70b7714235a34fa3523d84a6af871405219566509c2ce04ef870800fa0a

  • SSDEEP

    1536:x3V3e8KytqTZkYu5SCvaDBzgM+5zu9kS24zxAkOg8WTvMEIAkzZ3:9dOy+ubiDBzv+1H4OgYEIr3

Malware Config

Extracted

  • Family

    pony

  • C2

    http://alliancewebsolutions.ca/default.php?pTAbiD727i718NF9QmgoyI6EngsH

    http://shahidlari.ir/default.php?Ocnljof5UEdBOI7mL6m12TWEdMz6Q5IrkhugDr

    http://uterinefury.com/default.php?2Hj89fmhGU8vXXLOWkEzkJIlfn6A47lDcQFt

    http://see-the-progress.com/default.php?ibw9pMYyb2tWKiFVxToGZzM6N2wvcho

    http://anklejointpain.org/default.php?MMqjbue9Bvg5Zgp67wAUQ3w9Pk1YQPTgN

Targets

    • Pony, Fareit

      Pony (also tracked as Fareit) is a Remote Access Trojan application that steals information, in particular stored credentials.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15