General

  • Target

    42586f8cc6339a3deb8601094da039cf_JaffaCakes118

  • Size

    101KB

  • Sample

    241014-pj9ttsvfke

  • MD5

    42586f8cc6339a3deb8601094da039cf

  • SHA1

    256e7dca7a41b023b3eb36ea9f419cb82677993e

  • SHA256

    cc4430050e894e58c93d1b1357bf5af44f384d5686a33320fa66ce6b3f6d015c

  • SHA512

    cad66555bf85bdf92e7d7e3fe634b7644f52fe15d1a92736ee7af278f047a48ffd73597559495382fd4376b40853eb753edc68778519ca753daa3955d2c2cde7

  • SSDEEP

    1536:BfgpqhxaHukJ9IeNn5rab+t4//08cFM243ft8b+ui7VOePZJUrQxKyrWcI:gqhxakWUb+tu08hE+z7V5x6rQxKsD

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

    • Target

      42586f8cc6339a3deb8601094da039cf_JaffaCakes118

    • Size

      101KB

    • MD5

      42586f8cc6339a3deb8601094da039cf

    • SHA1

      256e7dca7a41b023b3eb36ea9f419cb82677993e

    • SHA256

      cc4430050e894e58c93d1b1357bf5af44f384d5686a33320fa66ce6b3f6d015c

    • SHA512

      cad66555bf85bdf92e7d7e3fe634b7644f52fe15d1a92736ee7af278f047a48ffd73597559495382fd4376b40853eb753edc68778519ca753daa3955d2c2cde7

    • SSDEEP

      1536:BfgpqhxaHukJ9IeNn5rab+t4//08cFM243ft8b+ui7VOePZJUrQxKyrWcI:gqhxakWUb+tu08hE+z7V5x6rQxKsD

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks