Overview

overview

10

Static

static

3

04bf2aaa82...18.exe

windows7-x64

10

04bf2aaa82...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118

  • Size

    120KB

  • Sample

    241001-hkddpazejg

  • MD5

    04bf2aaa821bdaac3cd41efb4f147880

  • SHA1

    2077c6792f1f6a3f1e45941d94a393d7c223b99a

  • SHA256

    27e025db1f1b46c3c1d3ee6104cc7710de422653efd7e020166194adc3a307b7

  • SHA512

    43580e172ba3a1974de5dc12dc0f6c7359204ac22f1e070eb5d4b4d8df8e1268cf787bcd02964db50446c008b49b5b371dc16ce73c8c57abd360dd8b74a09b34

  • SSDEEP

    3072:3G3M81HR9+WI3AOntFR5Q/fi/DCyOpl5YrgPB:SXRQWmvKniCy0YMPB

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://nursenextdoor.com:443/forum/viewtopic.php

http://dreamonseniorswish.org:443/forum/viewtopic.php

http://prospexleads.com:8080/forum/viewtopic.php

http://phonebillssuck.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://216.14.122.151/UjH9.exe

    http://paulalfrey.com/gGSzTfJr.exe

    http://chadgunderson.com/q2Mt.exe

    http://landhausbakery.com/YKLF0Q1C.exe

Targets

    • Target

      04bf2aaa821bdaac3cd41efb4f147880_JaffaCakes118

    • Size

      120KB

    • MD5

      04bf2aaa821bdaac3cd41efb4f147880

    • SHA1

      2077c6792f1f6a3f1e45941d94a393d7c223b99a

    • SHA256

      27e025db1f1b46c3c1d3ee6104cc7710de422653efd7e020166194adc3a307b7

    • SHA512

      43580e172ba3a1974de5dc12dc0f6c7359204ac22f1e070eb5d4b4d8df8e1268cf787bcd02964db50446c008b49b5b371dc16ce73c8c57abd360dd8b74a09b34

    • SSDEEP

      3072:3G3M81HR9+WI3AOntFR5Q/fi/DCyOpl5YrgPB:SXRQWmvKniCy0YMPB

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks