Overview

overview

10

Static

static

3

fc772058f2...18.exe

windows7-x64

10

fc772058f2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc772058f20a4fbab7709e30961fe514_JaffaCakes118

  • Size

    128KB

  • Sample

    240928-rgypwssejd

  • MD5

    fc772058f20a4fbab7709e30961fe514

  • SHA1

    01bdaccc419eb73314bab4e48cad5e35317a0e29

  • SHA256

    3ab530ce57aeada7df44a9f485db344f51c0e09465a543ef072bde794a446263

  • SHA512

    4d7feb5b2f80eaf5d2f13945eec714526b9b9fc3a761d89909f6d91b6ad2a2c70483bf0f19c63d7b4a8aefef16bca42c60afd376bea54499b396caea981ccdf9

  • SSDEEP

    3072:uGHi6mwjDl3q65eRX6BBZnF4ZohM+sJNH2MkHfbZjH:+QDs65m6BBjFhMFH2MkN

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://216.231.139.111/forum/viewtopic.php
Attributes
  • payload_url

    http://ctl-mexico.com/WtgME.exe

    http://cvilleshootingstars.com/JzU.exe

    http://ctamdq.org.ar/bigQm.exe

Targets

    • Target

      fc772058f20a4fbab7709e30961fe514_JaffaCakes118

    • Size

      128KB

    • MD5

      fc772058f20a4fbab7709e30961fe514

    • SHA1

      01bdaccc419eb73314bab4e48cad5e35317a0e29

    • SHA256

      3ab530ce57aeada7df44a9f485db344f51c0e09465a543ef072bde794a446263

    • SHA512

      4d7feb5b2f80eaf5d2f13945eec714526b9b9fc3a761d89909f6d91b6ad2a2c70483bf0f19c63d7b4a8aefef16bca42c60afd376bea54499b396caea981ccdf9

    • SSDEEP

      3072:uGHi6mwjDl3q65eRX6BBZnF4ZohM+sJNH2MkHfbZjH:+QDs65m6BBjFhMFH2MkN

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks