General

  • Target

    fd03895cf6ece3945eb45d0474281412_JaffaCakes118

  • Size

    190KB

  • Sample

    240928-yfr92swdlg

  • MD5

    fd03895cf6ece3945eb45d0474281412

  • SHA1

    0075fe28c270d74171af4e0bd41e8e74495d5b6e

  • SHA256

    d9d03369a2cb011bb195cf4e8fe5685cd17679330f9635d575eceac3f2179e70

  • SHA512

    bda46fae9e8bd3cb6f6f8c5dd3af4e5203ced32db29b545922d4af0c94f4a9eaadab79f1d6c175f166a1a2262e349b098448fc37fa6e76492d326fc028b7cf76

  • SSDEEP

    3072:748jXfMJu2BHqeEfKUQ1+ZqgcVcm7DzeoY30Zu:74uvElqeEfKUQEQHDKogX

Malware Config

Extracted

  • Family

    pony

  • C2

    http://213.155.112.91:8080/forum/viewtopic.php

    http://213.155.112.92:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://kapitalmenkul.com.tr/Qr4.exe

    http://funeralservicesprovider.com/5izA.exe

    http://eflanicukurorenkoyu.org/sN5XnB.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15