General

  • Target

    8c6fd19f014ac76732745386c1064637_JaffaCakes118

  • Size

    229KB

  • Sample

    241103-t3pefs1pbq

  • MD5

    8c6fd19f014ac76732745386c1064637

  • SHA1

    4b80161f9ff92e5319d742fb0317da945920c181

  • SHA256

    945ffe399c12635e43a8ba87689fc7a392c233e2ddbebc783a9cb63d0cac850e

  • SHA512

    da1096e183be102d7b2217205bc491a617da1f39422180aa6938e8c550802c71ee7dfc28e0489f46ac4735dd37b1ae9ca0ebefc7d5e6f5b178b4a1a9611fe395

  • SSDEEP

    3072:GXJibxlNFRsdPtLWgGD7+ZoKqoPRtl4r4es303I:GXE9joPtLWgGDyWoZtCxUv

Malware Config

Extracted

Family

pony

C2

http://203.250.68.191:8080/forum/viewtopic.php

http://213.155.112.88:8080/forum/viewtopic.php

Attributes
  • payload_url

    http://02c8dac.netsolhost.com/6L4p.exe

    http://medplus.fr/sfR.exe

    http://rtserv.co.za/9uvSc.exe

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks