General

  • Target

    ab748e5012714b5178cfd91d9612d7c0_JaffaCakes118

  • Size

    196KB

  • Sample

    241128-h4bn7swlej

  • MD5

    ab748e5012714b5178cfd91d9612d7c0

  • SHA1

    db13358288c9889ebf8cb29b39d8748cb3dce065

  • SHA256

    7bdbb0951ad72cb7f2e37f5389a3c499143787c637c7fe98ac2f32520192e16d

  • SHA512

    326deca8e0f0a54d206577d086bf380a503e5e060b5321c3379dcf3e718fbc008ae717cc2211ea20fced4bf26a227f1e635a891a2ad072449e7598f51eaa7984

  • SSDEEP

    3072:lvb0IsImpfVRODl0qu6OrWByzFdYWrvnv:10vImpfVRCu5rWB7Qvv

Malware Config

Extracted

  • Family

    pony

  • C2

    http://rolex208.8s.nl/po/gate.php

    http://rolex209.8s.nl/po/gate.php

    http://rolex210.8s.nl/po/gate.php

Targets

    • Target

      ab748e5012714b5178cfd91d9612d7c0_JaffaCakes118

    • Pony family

    • Pony, Fareit

      Pony is a remote access trojan that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks