Overview

overview

10

Static

static

3

6549c87184...18.exe

windows7-x64

10

6549c87184...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6549c87184ef4e2ca75477d054743380_JaffaCakes118

  • Size

    76KB

  • Sample

    241021-dj287sveqf

  • MD5

    6549c87184ef4e2ca75477d054743380

  • SHA1

    de4773a7f39b36b6727b876509309f3f28f00413

  • SHA256

    ef4cb5a9d0e103a6f65e11f895fbda761046a8c84c1677eff8dcb5a1af71a334

  • SHA512

    121a9a257bd174e7ba58969592bbc32bfeaa99ffe866eafa71fb03bcfe2283a85daac4d627ecdd41fb404a0419054c5833ca6568dc76ded61cd93f2911256d4e

  • SSDEEP

    1536:ep1XkANavK0++WfwmzztZx/HpDE2WG3kZac/vtP/IDEtiYUQud:KTkvR+twMLx/HpDCpd/IDUiYhW

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://newlinkname.com/search.php

http://storestitch.com/blog/wp-rss.php

http://blogstrng.com/hotlink/imgs.php

http://blogstrng.com/hotlink/pic.php

Targets

    • Target

      6549c87184ef4e2ca75477d054743380_JaffaCakes118

    • Size

      76KB

    • MD5

      6549c87184ef4e2ca75477d054743380

    • SHA1

      de4773a7f39b36b6727b876509309f3f28f00413

    • SHA256

      ef4cb5a9d0e103a6f65e11f895fbda761046a8c84c1677eff8dcb5a1af71a334

    • SHA512

      121a9a257bd174e7ba58969592bbc32bfeaa99ffe866eafa71fb03bcfe2283a85daac4d627ecdd41fb404a0419054c5833ca6568dc76ded61cd93f2911256d4e

    • SSDEEP

      1536:ep1XkANavK0++WfwmzztZx/HpDE2WG3kZac/vtP/IDEtiYUQud:KTkvR+twMLx/HpDCpd/IDUiYhW

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealerupx

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks