Overview

overview

10

Static

static

3

834194ed5b...18.exe

windows7-x64

10

834194ed5b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    834194ed5b04a08846e815314cd28305_JaffaCakes118

  • Size

    171KB

  • Sample

    241031-rmzt5szfrk

  • MD5

    834194ed5b04a08846e815314cd28305

  • SHA1

    04f7fb683d8f54afdb8aa1283feeaf4f82d5399a

  • SHA256

    ddbe5298292e76057cfcd54958b9146bd45d7c39bce10ccc376a42c88386c436

  • SHA512

    deb0e779054b0dc9392127564a94f6fc1ee6b09c2d3989b868d2193d51d0f2710dbf12933801ff9298a1874af279cd9a86ca702de25883c3ba3445ee96633eb5

  • SSDEEP

    3072:5gmeNyLLbrAgBvgHRLs9fR8PhaYQ5Puuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu4:Wm82LwmIxLkRSkJpuuuuuuuuuuuuuuu

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://212.58.20.11/ponys/gate.php

http://69.164.220.104:8080/ponys/gate.php
Attributes
  • payload_url

    http://bde-essec.com/1ePZ.exe

    http://www.kevalicare.com/e5BRZNJ.exe

    http://travelbuoy.com/Gi9M.exe

    http://saberfit.com/udd.exe

    http://207.57.248.58/1VyR6.exe

Targets

    • Target

      834194ed5b04a08846e815314cd28305_JaffaCakes118

    • Size

      171KB

    • MD5

      834194ed5b04a08846e815314cd28305

    • SHA1

      04f7fb683d8f54afdb8aa1283feeaf4f82d5399a

    • SHA256

      ddbe5298292e76057cfcd54958b9146bd45d7c39bce10ccc376a42c88386c436

    • SHA512

      deb0e779054b0dc9392127564a94f6fc1ee6b09c2d3989b868d2193d51d0f2710dbf12933801ff9298a1874af279cd9a86ca702de25883c3ba3445ee96633eb5

    • SSDEEP

      3072:5gmeNyLLbrAgBvgHRLs9fR8PhaYQ5Puuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu4:Wm82LwmIxLkRSkJpuuuuuuuuuuuuuuu

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks