Overview

overview

10

Static

static

3

8556d34e7c...18.exe

windows7-x64

10

8556d34e7c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8556d34e7c27a02f98c6a1ef14348bd4_JaffaCakes118

  • Size

    133KB

  • Sample

    241102-n6cl6ssrev

  • MD5

    8556d34e7c27a02f98c6a1ef14348bd4

  • SHA1

    77c7ae0e9cc3c899d73ded93826ef2c7b074e9bb

  • SHA256

    e98c91af1a824a259d5843a122f91d793c00c00a7b6cda07a6dc02dc14477add

  • SHA512

    2c43451352398bf88136e7fa108611c0a12e17b5cd0147f3a81bdde110453f36d35f06c3657243bd43072587470fd26bd4900b028c2a160457d2e3a59e56bec2

  • SSDEEP

    3072:JQwVJmBc6O4f9ztEMjvQPLX7eF+lSKsBNVV0vGe:Fmc4AMjyTO8vG

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://66.175.212.194/forum/viewtopic.php

Attributes
  • payload_url

    http://bobandcarl.com/hmSfQED.exe

    http://calcolailmutuo.com/L1yhbec7.exe

    http://www.heb-bremen.de/zyTUQQg.exe

Targets

    • Target

      8556d34e7c27a02f98c6a1ef14348bd4_JaffaCakes118

    • Size

      133KB

    • MD5

      8556d34e7c27a02f98c6a1ef14348bd4

    • SHA1

      77c7ae0e9cc3c899d73ded93826ef2c7b074e9bb

    • SHA256

      e98c91af1a824a259d5843a122f91d793c00c00a7b6cda07a6dc02dc14477add

    • SHA512

      2c43451352398bf88136e7fa108611c0a12e17b5cd0147f3a81bdde110453f36d35f06c3657243bd43072587470fd26bd4900b028c2a160457d2e3a59e56bec2

    • SSDEEP

      3072:JQwVJmBc6O4f9ztEMjvQPLX7eF+lSKsBNVV0vGe:Fmc4AMjyTO8vG

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks