Overview

overview

10

Static

static

3

fa687d9dd9...18.exe

windows7-x64

10

fa687d9dd9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa687d9dd9ec8289a3e89ae62de1e9c3_JaffaCakes118

  • Size

    114KB

  • Sample

    240927-pnyx5avema

  • MD5

    fa687d9dd9ec8289a3e89ae62de1e9c3

  • SHA1

    3318e3e1d10c0de1bcbadde1adc90a102770b439

  • SHA256

    2ff4716757f058ac284c15b6e3cf5bdbac325b65e23d6435dd7611fe80da3d2d

  • SHA512

    5f217d56112fe681077769c45eab9bc6fb30ee51f62ed56decd658435b0a358de47c2b16f2749d3002f8c659fcf592fe3f72046423af7c0705d94d9cfa8a8e44

  • SSDEEP

    3072:/XAtWYKBlVxMGYhLUw8Ytgu/su6mo4+dJpYO9:fAoYKXVxsxUwKuwH

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://66.175.212.25/pony/gate.php

http://69.194.194.238/pony/gate.php
Attributes
  • payload_url

    http://alcaponecigarillos.com/RdKtpaU.exe

    http://artseo.abetka.kiev.ua/urS1R.exe

    http://omfb.vpsat.be/ped3Hzx5.exe

Targets

    • Target

      fa687d9dd9ec8289a3e89ae62de1e9c3_JaffaCakes118

    • Size

      114KB

    • MD5

      fa687d9dd9ec8289a3e89ae62de1e9c3

    • SHA1

      3318e3e1d10c0de1bcbadde1adc90a102770b439

    • SHA256

      2ff4716757f058ac284c15b6e3cf5bdbac325b65e23d6435dd7611fe80da3d2d

    • SHA512

      5f217d56112fe681077769c45eab9bc6fb30ee51f62ed56decd658435b0a358de47c2b16f2749d3002f8c659fcf592fe3f72046423af7c0705d94d9cfa8a8e44

    • SSDEEP

      3072:/XAtWYKBlVxMGYhLUw8Ytgu/su6mo4+dJpYO9:fAoYKXVxsxUwKuwH

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks