General

  • Target

    08bcc2b2ce987213a5ad2199eada9d70_JaffaCakes118

  • Size

    121KB

  • Sample

    241002-ed1nvswblp

  • MD5

    08bcc2b2ce987213a5ad2199eada9d70

  • SHA1

    879728bfdeeb672fd44c24ae02427bce1f9206e9

  • SHA256

    470f541cff08935f58e742d48880ec777f2c5b55e94e14cfd18a5f09def52dc5

  • SHA512

    93984f9cb3dc33f3469a45fed3ca18d7702199bc790efbbd49d54d769102dd3ce54d4355b2fc08761b8469891fd0bd0463cd19040ba59c01766392682d3a41cd

  • SSDEEP

    1536:2/OBXq890Qul4agWedX3Zyd5GQMdYDRTSe2/exvPo+f896h6X573N:2mBz0Hl4jLgaiDxSAvqQ6r

Malware Config

Extracted

Family

pony

C2

http://nursenextdoor.com:443/forum/viewtopic.php

http://dreamonseniorswish.org:443/forum/viewtopic.php

http://prospexleads.com:8080/forum/viewtopic.php

http://phonebillssuck.com:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://ivyleagueessays.net/0x0yF.exe

    http://avantipizzaandpasta.com.au/HsyqgfV.exe

    http://franzs.dyndns.org/tCa.exe

    http://www.sfxfinder.de/cy6.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15