Overview

overview

10

Static

static

10

fc3735b989...18.exe

windows7-x64

10

fc3735b989...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc3735b989983589711252b7cd1ff932_JaffaCakes118

  • Size

    97KB

  • Sample

    240928-nn9h7atdql

  • MD5

    fc3735b989983589711252b7cd1ff932

  • SHA1

    794a233c00dd8047490a1602b54e80bc769ad82a

  • SHA256

    51357f80c49e7dd61998efc163b61f187feebe6c374c3b50d259e7c50aef3166

  • SHA512

    61bf7f36cac563fe153ef882a1881df98638efc33aba50c46914827a1ed86e7559595048e45c9e94663b69c26930c78446c00713cb8c029028a0f50b3826017e

  • SSDEEP

    1536:mJLtXbLYqTMK4mXAK6dSen0hZvXQQp/PMDy8O7o43Tvbkzbk5ql/38K:WpLLEmXES9kQYO70Qql/38K

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://treshbux.ru/gate.php

Targets

    • Target

      fc3735b989983589711252b7cd1ff932_JaffaCakes118

    • Size

      97KB

    • MD5

      fc3735b989983589711252b7cd1ff932

    • SHA1

      794a233c00dd8047490a1602b54e80bc769ad82a

    • SHA256

      51357f80c49e7dd61998efc163b61f187feebe6c374c3b50d259e7c50aef3166

    • SHA512

      61bf7f36cac563fe153ef882a1881df98638efc33aba50c46914827a1ed86e7559595048e45c9e94663b69c26930c78446c00713cb8c029028a0f50b3826017e

    • SSDEEP

      1536:mJLtXbLYqTMK4mXAK6dSen0hZvXQQp/PMDy8O7o43Tvbkzbk5ql/38K:WpLLEmXES9kQYO70Qql/38K

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks