General

  • Target

    a274d9390c73e94368ab71ca4f71a30f_JaffaCakes118

  • Size

    142KB

  • Sample

    241126-rw5fzsvngy

  • MD5

    a274d9390c73e94368ab71ca4f71a30f

  • SHA1

    c7cf1c82d8015fc4e076c6d0c7bd5c481d835330

  • SHA256

    977cd126d9bcb07446965bedcbfcb4f4f77db784d7da680331d6737aa27ff092

  • SHA512

    bf84648b9b4dc1e9fbea927153130e5bc266bd3ec85e405fd5ac2b72d095ab4c5a0d2b144235b20f3e500006d8d7b4adbc4b9129db50dd980ab4ee044d527062

  • SSDEEP

    3072:545DeCfjHvFRPW0rnRP3r2dIYBIkFem8RyON:58TFRPW0UIHkF58

Malware Config

Extracted

Family

pony

C2

http://carmine.warsheet.com:8080/forum/viewtopic.php

http://deswarlist.warsheet.com:8080/forum/viewtopic.php

http://easymailonline.com:8080/forum/viewtopic.php

http://holmesent.com:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://pm.analytixsolutions.com/EYhWBb.exe

    http://www.room-mategift.com/iuahp.exe

    http://greenstationradio.com/oDgYxp.exe

    http://84.1.156.73/nXrQgdV.exe

    http://ez.ttgdevsite.com/2Ujt8j.exe

    http://mayintansang.com/Ne69A0.exe

    http://limon.basis5.com/xMJrJ.exe

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks