General

  • Target

    88fa773977459db424fbfe7b17ce8117_JaffaCakes118

  • Size

    54KB

  • Sample

    241103-byltna1enk

  • MD5

    88fa773977459db424fbfe7b17ce8117

  • SHA1

    e005e14b35abf8c5dbbd7e1ae42d05fe5b1ba0c2

  • SHA256

    993ae56ee9c2e636943b13e4571c72fec84079406d7425052c4c811671726fcf

  • SHA512

    35a75891ce1ad1744eafd7b265b4697632785040c74dea35d1e8173e5ac29dcbb42fa67c6c75b3f2ec96bb50230dfc4d4f5e86ad31d9f5c9d0ad87b12d4fc5e2

  • SSDEEP

    1536:2eKo9gkKnouy8caxOKqhxhvGg/OwfPFDgR5b921:2eKo5Sout7ZqhxRGwOWEb921

Malware Config

Extracted

Family

pony

C2

http://antresolix.com/pony/gate.php

http://maimerdt.com/pony/gate.php

http://anonce-taulk.com/pony/gate.php

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15