Overview

overview

10

Static

static

3

06dff94a00...18.exe

windows7-x64

10

06dff94a00...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06dff94a00b607b76fb7320f82b2a788_JaffaCakes118

  • Size

    123KB

  • Sample

    241001-wxlsgsxdlc

  • MD5

    06dff94a00b607b76fb7320f82b2a788

  • SHA1

    413c446a8fa5f2bfa5787c21b3987629d7eed4eb

  • SHA256

    e1a2413e4a169b0dd03e55ec461d3b71ff1e569022ebb62b9b80851e44eede77

  • SHA512

    8452dcc7493b48ffeca7caad0572980142880f0971c5d61f3b57ddc1af7c599022f926ad0565d94ffe64ff93a964d3229e843ea304ad8879417312c979ae321b

  • SSDEEP

    3072:y5bZjY1hZt2h1Rmg5uN3/dUrfpa2tdSqCZm:EbZ01h2h1nuZ1Wpa2tA1Z

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://testdnk.com.ua/default.php

http://omega-planet-ocean.com/default.php

http://brande-saubion.com/default.php

http://bureaumuus.nl/default.php

http://adioscuba.com/default.php

Targets

    • Target

      06dff94a00b607b76fb7320f82b2a788_JaffaCakes118

    • Size

      123KB

    • MD5

      06dff94a00b607b76fb7320f82b2a788

    • SHA1

      413c446a8fa5f2bfa5787c21b3987629d7eed4eb

    • SHA256

      e1a2413e4a169b0dd03e55ec461d3b71ff1e569022ebb62b9b80851e44eede77

    • SHA512

      8452dcc7493b48ffeca7caad0572980142880f0971c5d61f3b57ddc1af7c599022f926ad0565d94ffe64ff93a964d3229e843ea304ad8879417312c979ae321b

    • SSDEEP

      3072:y5bZjY1hZt2h1Rmg5uN3/dUrfpa2tdSqCZm:EbZ01h2h1nuZ1Wpa2tA1Z

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks