General

  • Target

    43c232eff25d2ab7d35bbff53f24be50_JaffaCakes118

  • Size

    92KB

  • Sample

    241014-xv8d5svgnk

  • MD5

    43c232eff25d2ab7d35bbff53f24be50

  • SHA1

    11a5b40338d1c0a33fa5c859ccdf630f403da4b8

  • SHA256

    4747ae5b1ab686219aaa24a992a1d02f3df4ab6093e78b2668819b0dd8c15d1d

  • SHA512

    888711a9f25f3966a55ee5dddb5ad019f59879adf1df9a5895d7fa3e6e3cad3c7e1f224876ef3fc48ca683022c33645100e2c19e881204c9eba744d4dfea0dbe

  • SSDEEP

    1536:woo22VCzCGGRD9rf6A5XcSKQvY3yQHIk8p/B5IglMwJj5STyer2Q99dkD+Fp9GFk:woKV/7xD6xRUY3Pok2/ByglMwJj5STHf

Malware Config

Extracted

Family

pony

C2

http://175.118.124.53:8080/ponyb/gate.php

http://midwdermatology.com:8080/ponyb/gate.php

http://www.bobadamsinc.com:8080/ponyb/gate.php

http://www.richadamsinc.com:8080/ponyb/gate.php

Attributes

  • payload_url

    http://www.lypto.ch/K2d98Z.exe

    http://giftmarketing.net/qAuX3EL.exe

    http://salmonesriopuelo.cl/PGg.exe

Targets

    • Target

      fax_id{DIGIT[8]}.exe

    • Size

      103KB

    • MD5

      a9c0f6b420953ef757e80991a15fdb2d

    • SHA1

      efdc87cd12fc653d3a5cd39beb8d278b501660d0

    • SHA256

      0dcc398eb8ac3244b078282f787e4397a6a4db00b23716bb580b03adbc1d413e

    • SHA512

      737e77c391fe06e1355b4b7c07cd59a80bf22a4b6b99c03d80f7307e7fe205cf3b798d185558e04624cd4e6d1877715cb03daf126b3f21d26c35ea9b15d0a044

    • SSDEEP

      1536:kxUvwF/rDM/RlPnWUb/HodA3fXVQLkfIbMjXjXIXFuvU8b/I57pfMWd6kAh:kxos/E/vnWW/odA3f2LkfIbuZIUWd6

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks