Overview

overview

10

Static

static

1

82216fc16e...18.exe

windows7-x64

10

82216fc16e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82216fc16e04654e10dbdf8571321c52_JaffaCakes118

  • Size

    175KB

  • Sample

    241031-hqhkla1mc1

  • MD5

    82216fc16e04654e10dbdf8571321c52

  • SHA1

    69a30bdb285be7fe91130f11cd076e0bd29bef6d

  • SHA256

    f4f3d5db95558049aea2697270c52a0ddceb6010fba83f5b3902762bcf178f15

  • SHA512

    befa86c074e3fcbdf6999a7d874d4638cb23ad2895baeb1a1a2cec3dee63fcab83f334e04a992714fe7cf652cfce2ad8bcb9701ebb47d66aec43a75e6f34adf0

  • SSDEEP

    3072:sxXqiXN+RQhmxZ34WlRoDHx4gOA/6EWpWff:U9XmZoWlRoDDO46EoWff

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://64.85.169.189:8080/forum/viewtopic.php

http://64.85.169.190:8080/forum/viewtopic.php

http://11.laptopvspc.com/forum/viewtopic.php

http://11.sephoracouponscode.com/forum/viewtopic.php
Attributes
  • payload_url

    http://playersi.com/2PveFFs.exe

    http://sergourmet.com.ar/jGa9.exe

Targets

    • Target

      82216fc16e04654e10dbdf8571321c52_JaffaCakes118

    • Size

      175KB

    • MD5

      82216fc16e04654e10dbdf8571321c52

    • SHA1

      69a30bdb285be7fe91130f11cd076e0bd29bef6d

    • SHA256

      f4f3d5db95558049aea2697270c52a0ddceb6010fba83f5b3902762bcf178f15

    • SHA512

      befa86c074e3fcbdf6999a7d874d4638cb23ad2895baeb1a1a2cec3dee63fcab83f334e04a992714fe7cf652cfce2ad8bcb9701ebb47d66aec43a75e6f34adf0

    • SSDEEP

      3072:sxXqiXN+RQhmxZ34WlRoDHx4gOA/6EWpWff:U9XmZoWlRoDDO46EoWff

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks