Overview

overview

10

Static

static

3

140774e4cc...18.exe

windows7-x64

10

140774e4cc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    140774e4ccc0abc1d6116394bb6ffd90_JaffaCakes118

  • Size

    120KB

  • Sample

    241004-th2jaatbmr

  • MD5

    140774e4ccc0abc1d6116394bb6ffd90

  • SHA1

    8d21ef0129078a60716d72e4bb6f822005ad202d

  • SHA256

    133211f4466289bd609e5179b9ff2a1ba6e40afa2c37345255eab80a7dee5e69

  • SHA512

    00313b6ac6311366a6890aa7e7fa8d1e13578880703b360026b1314884440e210f298e014b71b1e429fdc309bc9e0d5f97cbdabfbfbfe6697ce3c9e544345461

  • SSDEEP

    1536:ZRaJLwYVtRmfwJQYhrLIsG3S6kpqlht9A5Bw9KkkfadYGsVi76ssKJNKiORY:ZXoJQYNLN6kArA5KkfadYGsM3scGY

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://nursenextdoor.com:443/forum/viewtopic.php

http://dreamonseniorswish.org:443/forum/viewtopic.php

http://prospexleads.com:8080/forum/viewtopic.php

http://phonebillssuck.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://atlas247.com/aetNy.exe

    http://listinopainting.com/c8BHUBf.exe

    http://lemuelacosta.com/MZQB.exe

    http://www.srlgeus.it/0zhtDRem.exe

Targets

    • Target

      140774e4ccc0abc1d6116394bb6ffd90_JaffaCakes118

    • Size

      120KB

    • MD5

      140774e4ccc0abc1d6116394bb6ffd90

    • SHA1

      8d21ef0129078a60716d72e4bb6f822005ad202d

    • SHA256

      133211f4466289bd609e5179b9ff2a1ba6e40afa2c37345255eab80a7dee5e69

    • SHA512

      00313b6ac6311366a6890aa7e7fa8d1e13578880703b360026b1314884440e210f298e014b71b1e429fdc309bc9e0d5f97cbdabfbfbfe6697ce3c9e544345461

    • SSDEEP

      1536:ZRaJLwYVtRmfwJQYhrLIsG3S6kpqlht9A5Bw9KkkfadYGsVi76ssKJNKiORY:ZXoJQYNLN6kArA5KkfadYGsM3scGY

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks