General

  • Target

    8c910434bf63730e9921f9082e2cc6f8_JaffaCakes118

  • Size

    79KB

  • Sample

    241103-vmdhpasjgp

  • MD5

    8c910434bf63730e9921f9082e2cc6f8

  • SHA1

    3cbab51240ead89f60b5cf52f3b5e6f53385142e

  • SHA256

    753a6e5294217910c2083a6142084737c33b3d427bf46ecc8bf7a3998ec4c2eb

  • SHA512

    8aaa2af06fc7d5e59e59be125c8d81673eea090bb081b7b8bd46b14b16e056e554d509d23516314b67215688510763e209b40e279848413d1dfa6fe808c0f8c4

  • SSDEEP

    1536:pqEgC98klcv+Yf07gEr0WSJ3m3lB8lgCE0xbNi3gMdstkGH0/JuNiRY:wEgCSB2NgUmJ8ylgJ0XifsttHoUWY

Malware Config

Targets

    • Target

      8c910434bf63730e9921f9082e2cc6f8_JaffaCakes118

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks