General

  • Target

    bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118

  • Size

    115KB

  • Sample

    241203-denj9asmem

  • MD5

    bb681cfd66e9dc91930f20e41939b53b

  • SHA1

    593d91d23f4f06addec647a8c6ac074b1ccc0fad

  • SHA256

    595e4e0b7303de12d579d6c6491dd73f0de4d16d1ea912ca88e6c9b3b47e26ae

  • SHA512

    4f4681a80830aa8bddc30c70c377e4476e59bfe9b3939ffd211ad5ac569ff4fb060fd07c2d98f7a801abba65117d7a4665f6e08432e254e100b6c7cf2799e2f0

  • SSDEEP

    3072:a5Y0Prv1m7OXFz8g5F7zKw97iGUkClPTxsq6e:ov11Vz8g5797KkmxN

Malware Config

Extracted

Family

pony

C2

http://applicationforce.com/forum/viewtopic.php

http://decinter.com/forum/viewtopic.php

http://decinteractive.com/forum/viewtopic.php

http://listingforce.net/forum/viewtopic.php

Attributes
  • payload_url

    http://globaldoesitall.com/hPr0.exe

    http://ftp.lmcg.lu/tAx.exe

    http://derricoassociati.it/rjrtYyw5.exe

    http://9ain.net/easm1.exe
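The extracted config above is the part of this report a defender acts on. Below is an added hunting example (not part of the sandbox report) that normalises the four C2 gates and four payload URLs into host/path indicators and runs them over HTTP proxy log lines; the log format and the log lines themselves are constructed for illustration, not real traffic.

```python
"""Hunt for this report's Pony C2 gates and payload URLs in HTTP proxy logs.

Added example (not part of the sandbox report). The indicators come from the
Malware Config section above; the proxy log format and the log lines are
constructed for illustration and are not real traffic.
"""
import re
from urllib.parse import urlsplit

# Indicators from the extracted config.
C2_URLS = [
    "http://applicationforce.com/forum/viewtopic.php",
    "http://decinter.com/forum/viewtopic.php",
    "http://decinteractive.com/forum/viewtopic.php",
    "http://listingforce.net/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://globaldoesitall.com/hPr0.exe",
    "http://ftp.lmcg.lu/tAx.exe",
    "http://derricoassociati.it/rjrtYyw5.exe",
    "http://9ain.net/easm1.exe",
]


def url_key(url):
    """Normalise a URL to (host, path) so query strings and host case do not defeat the match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host, parts.path or "/"


C2_BY_KEY = {url_key(u): u for u in C2_URLS}
PAYLOAD_BY_KEY = {url_key(u): u for u in PAYLOAD_URLS}
C2_HOSTS = {host for host, _ in C2_BY_KEY}

# Constructed log format (assumption): "<timestamp> <client-ip> <method> <url> <status> <bytes>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


def classify(line):
    """Return (kind, client, indicator) for a line that touches an indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    key = url_key(m["url"])
    if key in C2_BY_KEY:
        # Pony uploads its credential report with an HTTP POST to the gate; any other
        # method against the gate URL is still flagged as contact with the C2.
        kind = "c2_post" if m["method"] == "POST" else "c2_contact"
        return kind, m["client"], C2_BY_KEY[key]
    if key in PAYLOAD_BY_KEY:
        return "payload_download", m["client"], PAYLOAD_BY_KEY[key]
    if key[0] in C2_HOSTS:
        return "c2_host", m["client"], key[0]
    return None


def hunt(lines):
    """Collect every hit. The HTTP status is ignored on purpose: a POST to a dead gate is still a beacon."""
    return [hit for hit in map(classify, lines) if hit is not None]


def infected_clients(lines):
    """Clients that POSTed to a gate, the strongest evidence of an active Pony infection."""
    return sorted({client for kind, client, _ in hunt(lines) if kind == "c2_post"})


# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
2024-12-03T10:14:02Z 10.0.0.23 GET http://globaldoesitall.com/hPr0.exe 200 118272
2024-12-03T10:14:05Z 10.0.0.23 POST http://applicationforce.com/forum/viewtopic.php?x=1 200 512
2024-12-03T10:14:06Z 10.0.0.23 POST http://DECINTER.com/forum/viewtopic.php 404 0
2024-12-03T10:15:11Z 10.0.0.41 GET http://example.com/index.html 200 2048
2024-12-03T10:16:00Z 10.0.0.57 GET http://listingforce.net/ 200 1024
""".splitlines()

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(*hit)
    print("clients posting to a gate:", infected_clients(SAMPLE_LOG))
```

Matching on host plus path rather than the literal URL string is deliberate: Pony's gate path is fixed, but a proxy may log a query string or mixed-case host, and the gate domains can be reused with other paths. A 404 from a gate is still logged as a hit because the sample walks its gate list in order and a dead first gate does not stop the beacon.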

Targets

    • Target

      bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118

    • Pony family

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan and downloader rather than an interactive remote access tool: it harvests saved passwords from FTP clients, browsers, e-mail clients and other applications, POSTs the report to one of its hard-coded C2 gates (the /forum/viewtopic.php URLs listed in the extracted config), and can fetch and run further executables (the payload_url entries).

    • Reads data files stored by FTP clients

      Reads FileZilla's saved-site files (sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which hold host, user name and a base64-encoded or, in old versions, clear-text password for every saved server; other FTP clients keep comparable files and are read the same way.

    • Reads user/profile data of web browsers

      Reads the browsers' profile directories, where saved logins, cookies and form data live; saved credentials are the main goal (ATT&CK T1555.003, Credentials from Web Browsers).

    • Unsecured Credentials: Credentials In Files

      Reads credential material directly out of application configuration and profile files on disk (ATT&CK T1552.001).

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

      Reads Outlook account settings from the profile data in the registry (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles on current versions, HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles on older ones), where mail server, user name and the DPAPI-protected stored password are kept.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) to list installed software (ATT&CK T1518, Software Discovery); for a stealer this identifies which client applications' credential stores are worth reading.
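The "Reads data files stored by FTP clients" and "Credentials In Files" signatures above describe the same thing from two angles: credentials sitting in a file with no protection beyond encoding. The following added example (not part of the sandbox report) parses FileZilla's sitemanager.xml format the way a stealer or an auditor would, decoding the base64 passwords and flagging entries it cannot recover. The XML document is constructed for illustration; the third entry only illustrates what a master-password-protected entry looks like to this parser and is not a claim about the exact attribute layout FileZilla writes in that mode.

```python
"""Show what a stealer like Pony recovers from FileZilla's site manager.

Added example, not part of the sandbox report. FileZilla keeps saved sites in
%APPDATA%\\FileZilla\\sitemanager.xml (and recently used servers in
recentservers.xml). Current versions store the password base64-encoded in
<Pass encoding="base64">; very old versions stored it in clear text. Neither is
protection, which is why the file is a stealer target. The XML below is
constructed for illustration; the "crypt" entry is an assumption about how a
master-password-protected entry is marked.
"""
import base64
import os
import xml.etree.ElementTree as ET

FILEZILLA_FILES = ["sitemanager.xml", "recentservers.xml"]  # under %APPDATA%\FileZilla

# Constructed sample, not a real configuration.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.66.4" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.net</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Name>Production</Name>
    </Server>
    <Server>
      <Host>legacy.example.net</Host>
      <Port>21</Port>
      <User>admin</User>
      <Pass>oldplain</Pass>
      <Name>Legacy entry (plain-text password)</Name>
    </Server>
    <Server>
      <Host>sftp.example.org</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>ops</User>
      <Pass encoding="crypt">bm90cmVjb3ZlcmFibGU=</Pass>
      <Name>Protected by master password (assumed layout)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def decode_pass(pass_el):
    """Return (password, recoverable). Only base64 and legacy clear text are recoverable."""
    if pass_el is None or pass_el.text is None:
        return None, False
    enc = pass_el.get("encoding")
    if enc is None:
        return pass_el.text, True
    if enc == "base64":
        return base64.b64decode(pass_el.text).decode("utf-8", "replace"), True
    # Anything else (e.g. FileZilla's master-password mode) needs a key the file does not hold.
    return None, False


def extract_filezilla_creds(xml_text):
    """Parse sitemanager.xml / recentservers.xml content and list the credentials it exposes."""
    root = ET.fromstring(xml_text)
    creds = []
    for server in root.iter("Server"):
        password, recoverable = decode_pass(server.find("Pass"))
        creds.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": server.findtext("Host", ""),
            "port": int(server.findtext("Port", "21")),
            "user": server.findtext("User", ""),
            "password": password,
            "recoverable": recoverable,
        })
    return creds


def audit_local_profile():
    """On Windows, read the live FileZilla files for the current user; [] elsewhere or when absent."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return []
    found = []
    for name in FILEZILLA_FILES:
        path = os.path.join(appdata, "FileZilla", name)
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                found.extend(extract_filezilla_creds(fh.read()))
    return found


if __name__ == "__main__":
    for entry in extract_filezilla_creds(SAMPLE_SITEMANAGER):
        state = entry["password"] if entry["recoverable"] else "<not recoverable>"
        print(f'{entry["name"]}: {entry["user"]}@{entry["host"]}:{entry["port"]} -> {state}')
```

Run audit_local_profile() on a workstation to see exactly what this sample would have walked away with; any entry that comes back recoverable should be treated as a credential to rotate after an infection, and FileZilla's master password (or simply not saving passwords) turns those entries into the non-recoverable kind.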

MITRE ATT&CK Enterprise v15

Tasks