Overview

overview

10

Static

static

3

16d0f29d75...18.exe

windows7-x64

10

16d0f29d75...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16d0f29d754ad00d777a43e47b7e73b7_JaffaCakes118

  • Size

    132KB

  • Sample

    241005-jrfytstfpp

  • MD5

    16d0f29d754ad00d777a43e47b7e73b7

  • SHA1

    cbf49f810bb380b58c4f9d7dce07d18eff7d0180

  • SHA256

    958c41bfde494a56648796fcfd0feffb47a3fdecbd7950fe2817d9d241bdd120

  • SHA512

    c2c9e53bc92cc065598a7e754f170b8111f51e2e7b170faee16e8e509816357c9e706b91b787142c3b710ec73f69cf7e74a529ee78bbb9f35c36de3a009b8939

  • SSDEEP

    3072:DfbmUkNmOJ2RsfdDJKq6J8dlGDqYzxnP:jb/k7LdDJ5gKliqQ

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://66.175.223.183/forum/viewtopic.php
Attributes
  • payload_url

    http://ftp.approachit.com/jZy.exe

    http://atualizacoes.issqn.net/FhPD.exe

    http://tokulances.sitebr.net/jV1.exe

Targets

    • Target

      16d0f29d754ad00d777a43e47b7e73b7_JaffaCakes118

    • Size

      132KB

    • MD5

      16d0f29d754ad00d777a43e47b7e73b7

    • SHA1

      cbf49f810bb380b58c4f9d7dce07d18eff7d0180

    • SHA256

      958c41bfde494a56648796fcfd0feffb47a3fdecbd7950fe2817d9d241bdd120

    • SHA512

      c2c9e53bc92cc065598a7e754f170b8111f51e2e7b170faee16e8e509816357c9e706b91b787142c3b710ec73f69cf7e74a529ee78bbb9f35c36de3a009b8939

    • SSDEEP

      3072:DfbmUkNmOJ2RsfdDJKq6J8dlGDqYzxnP:jb/k7LdDJ5gKliqQ

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks