Overview

overview

10

Static

static

3

b150405be6...18.exe

windows7-x64

10

b150405be6...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b150405be6d87d41cf6d30769f5822e4_JaffaCakes118

  • Size

    119KB

  • Sample

    241129-pxlzxszrfr

  • MD5

    b150405be6d87d41cf6d30769f5822e4

  • SHA1

    2535b949dd528564333d9630fbe0d9ac0f586ebb

  • SHA256

    b5f75d1bdd74ca614f11061cc9774ccc950bedb4a39898c815650251f199112b

  • SHA512

    39532226f7a8950c02ed6533890877baa078ff5dc142b80bb8e01ea8aa81799b2cb869010da104b4a1d6b2f4cf9428b1741b65c238704253fe5b1b23e58f3490

  • SSDEEP

    3072:JJmqXZpVNM1QyHDyQWNlkLChzvB6OCeEF:JwqXX+lHGjPAOJEF

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://www.arki.com:8080/forum/viewtopic.php

http://arki.com:8080/forum/viewtopic.php

http://50.57.185.72:8080/forum/viewtopic.php

http://atmecontracting.com/forum/viewtopic.php
Attributes
  • payload_url

    http://legodendart.com/f2kr.exe

    http://innerharmonynutrition.com/e2PhGTiC.exe

    http://marinapanagiotidou.gr/qntUYid.exe

    http://www.sch.ac.cy/DH8xSJxy.exe

Targets

    • Target

      b150405be6d87d41cf6d30769f5822e4_JaffaCakes118

    • Size

      119KB

    • MD5

      b150405be6d87d41cf6d30769f5822e4

    • SHA1

      2535b949dd528564333d9630fbe0d9ac0f586ebb

    • SHA256

      b5f75d1bdd74ca614f11061cc9774ccc950bedb4a39898c815650251f199112b

    • SHA512

      39532226f7a8950c02ed6533890877baa078ff5dc142b80bb8e01ea8aa81799b2cb869010da104b4a1d6b2f4cf9428b1741b65c238704253fe5b1b23e58f3490

    • SSDEEP

      3072:JJmqXZpVNM1QyHDyQWNlkLChzvB6OCeEF:JwqXX+lHGjPAOJEF

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks