General

  • Target

    029451de54b71376f7242ac519b5d7f5_JaffaCakes118

  • Size

    130KB

  • Sample

    240930-wgnxxasaqh

  • MD5

    029451de54b71376f7242ac519b5d7f5

  • SHA1

    c63abba828e78e318817c83b689083a40125376f

  • SHA256

    65f3664f4eaa9ea7c238703090671a420337f20e083d0f5d180e669fc3f5923a

  • SHA512

    082b2f6306b3852901a4f4b661f934c3536092353df73941fa01043c3f1f9787f27a07390d49f42d5d72439719de9da82c2fe617b21578eeaab9ad2ec58a6be2

  • SSDEEP

    1536:dHCKQy+XlMLO7ctAflA5SyDwFSQOQVTmoQBaU8mS7e29kRNOU3qb7R+whg+YAW:diKQy6yLw25SC5MSi5e29kJqH0whg6

Malware Config

Extracted

Family

pony

C2

http://116.122.158.195:8080/forum/viewtopic.php

http://siteseoguide.com:8080/forum/viewtopic.php

http://uksonlinedating.com:8080/forum/viewtopic.php

http://199.59.56.105:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://www.fjk-led.com/6c27.exe

    http://ampsinterconnect.com/6FV8NS.exe

    http://mariefredbk.se/H1Vpo.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks