General

  • Target

    44a2cfcefcefb1d1ea5cf88c4b625142_JaffaCakes118

  • Size

    119KB

  • Sample

    241014-25ayvavepk

  • MD5

    44a2cfcefcefb1d1ea5cf88c4b625142

  • SHA1

    8c1f547e78683433137a83e94fd188a21864cd32

  • SHA256

    32b134c830060df4251b195b865beb4b16ce16eb090b2fbcf08215a6c7f74d6e

  • SHA512

    0dc0f00627671ac1d9191af9bb33e9e55624cc020be5c3002a89d0e483d206d5bc663e1e0c1ec06c45146d9909315c4ea572dea93470f3988d8c9e43f9fa64cd

  • SSDEEP

    3072:P9xntNHEj0/AHs0Th22cp61NFgNk0V4Ba+xMr/:zlALg2y60BKBa+xa

Malware Config

Extracted

Family

pony

C2

http://nursenextdoor.com:443/forum/viewtopic.php

http://dreamonseniorswish.org:443/forum/viewtopic.php

http://prospexleads.com:8080/forum/viewtopic.php

http://phonebillssuck.com:8080/forum/viewtopic.php

Attributes
  • payload_url

    http://globaldoesitall.com/hPr0.exe

    http://derricoassociati.it/rjrtYyw5.exe

    http://csisatx.com/MTj5yF.exe

    http://www.flesnercompanies.com/xavAm.exe

Targets

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from browsers, FTP clients and mail clients, posts them to its C2 gate, and can download and run further payloads (the payload_url entries in the extracted config).

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla, whose sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla hold saved server credentials.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data, which holds saved logins, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      ATT&CK T1552.001: reads credentials from files that store them in the clear or under reversible protection, such as FTP-client and browser profiles.

    • Accesses Microsoft Outlook accounts

      Reads the account entries kept under Outlook's profile keys in the registry, where mail server credentials are stored.

    • Accesses Microsoft Outlook profiles

      Enumerates Outlook profiles under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles and the older HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles.

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the HKCU equivalent).
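On the host side, none of these signatures is damning alone (FileZilla reads its own sitemanager.xml, installers read the Uninstall key), but the combination is: one process reading FTP, browser and mail credential stores in a single pass, none of which belong to it. The script below is an added example, not part of the sandbox report, that scores constructed file-read and registry-query telemetry in a Sysmon-like shape (the store paths and registry keys are the real locations named above; the process names, pids and user are made up). A process alerts when it reads stores from two or more categories or reads a store owned by another application; software enumeration is recorded as a supporting signal only.

```python
"""Added example (not from the sandbox report): host-side detection of the
Pony credential-access pattern over constructed telemetry.  Store locations
are the well-known ones; process names, pids and paths are made up."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Credential stores by category: (regex on file path or registry key, owning process).
# The owner is the application that legitimately reads that store.
STORES = [
    ("ftp_client", r"\\FileZilla\\(sitemanager|recentservers)\.xml$", "filezilla.exe"),
    ("ftp_client", r"\\Martin Prikryl\\WinSCP 2\\Sessions", "winscp.exe"),
    ("browser", r"\\User Data\\[^\\]+\\Login Data$", "chrome.exe"),
    ("browser", r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|signons\.sqlite|key[34]\.db)$", "firefox.exe"),
    ("outlook", r"\\Windows Messaging Subsystem\\Profiles", "outlook.exe"),
    ("outlook", r"\\Office\\\d+\.\d+\\Outlook\\Profiles", "outlook.exe"),
]
STORE_PATTERNS = [(cat, re.compile(rx, re.I), owner) for cat, rx, owner in STORES]

# Software enumeration on its own is normal (installers, inventory agents); it only
# adds weight when the same process is also reading credential stores.
SOFTWARE_ENUM = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Constructed telemetry: one file read or registry query per event, keyed by process.
SAMPLE = r"C:\Users\alice\AppData\Local\Temp\sample.exe"
EVENTS = [
    {"pid": 1234, "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "target": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4321, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 7777, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"C:\Users\alice\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x9q2k.default\logins.json"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"pid": 5555, "image": SAMPLE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
]


def analyze(events):
    """Aggregate per process.  Returns {pid: {image, categories, foreign,
    software_enum, alert}}.  A process alerts when it reads stores from two or
    more categories (the Pony pattern: FTP + browser + mail in one sweep) or
    reads a store that belongs to a different application."""
    procs = defaultdict(lambda: {"image": None, "categories": set(), "foreign": [],
                                 "software_enum": False, "alert": False})
    for ev in events:
        p = procs[ev["pid"]]
        p["image"] = ev["image"]
        target = ev["target"]
        exe = PureWindowsPath(ev["image"]).name.lower()
        if SOFTWARE_ENUM.search(target):
            p["software_enum"] = True
            continue
        for cat, rx, owner in STORE_PATTERNS:
            if rx.search(target):
                p["categories"].add(cat)
                if exe != owner:
                    p["foreign"].append(target)
                break
    for p in procs.values():
        p["alert"] = len(p["categories"]) >= 2 or bool(p["foreign"])
    return dict(procs)


def alerts(events):
    """Pids that should raise, in order of first appearance."""
    return [pid for pid, p in analyze(events).items() if p["alert"]]


if __name__ == "__main__":
    for pid, p in analyze(EVENTS).items():
        print(pid, p["image"], sorted(p["categories"]), "alert" if p["alert"] else "ok")
```

The owner check matters more than the category count in practice: a stealer that only goes after FileZilla would still be caught because filezilla.exe is not the reader, while an inventory agent that enumerates the Uninstall key for every host never trips the rule.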
