General

  • Target

    7de5411dd902a51655dbfcba3d4d4e54_JaffaCakes118

  • Size

    108KB

  • Sample

    241030-e3ywkavpcx

  • MD5

    7de5411dd902a51655dbfcba3d4d4e54

  • SHA1

    44189b8bc79723815d35ca5ec1c930bb2e84a7d8

  • SHA256

    b3fe0c40c0bd4be9afc193a116d5c72fc57a0ecd741681aa8b1ddaab0a1ce635

  • SHA512

    5a8a960e8a2c4fc900e320e2f39d37b75fb54c2f82f99fced99ee425d53788c72998c31e2864168fe63b5289adf58d31f874fda1f87d3e202a60c25519e7832e

  • SSDEEP

    3072:9kd+m+Ti7IQiDisWnN4Opg/MZFjFJ34cbD74DYr:9kYjTmrDAQhJocbIDI

Malware Config

Extracted

Family

pony

C2

http://admin.vojtekracing.hu:8080/ponyd/gate.php

http://media.vojtekracing.hu:8080/ponyd/gate.php

http://vojtekracing.hu:8080/ponyd/gate.php

http://195.5.208.204:8080/ponyd/gate.php

Attributes

  • payload_url

    http://breitgoff.com/d1A.exe

    http://dameunamano.org/g2HcaMJG.exe

    http://deneyhayvani.com/hd3RG4w.exe

    http://www.mantrigor.de/MzFBWJ.exe

    http://www.kasusgmbh.de/zB6.exe

    http://www.ku-communications.com/g2Vs.exe

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15