Overview

overview

10

Static

static

3

c3c593cd34...18.exe

windows7-x64

10

c3c593cd34...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c3c593cd3478f3ab307efcbe93bb9671_JaffaCakes118

  • Size

    158KB

  • Sample

    241204-wr7g1azlbq

  • MD5

    c3c593cd3478f3ab307efcbe93bb9671

  • SHA1

    01a618ab385301dee45b21b70320386a257181f8

  • SHA256

    5724932237eef2d2475c1dc4fd76184984b17d95dc6c6d8d918e8edb31dde4fe

  • SHA512

    14a9994451d6367f745ebec64ae43bca0dfd2a36c03fd957cdabb6f3baf5dbcb71ff3a2a4d65cae69d0ce9f19b26de194df293fdfca4548f9de46f1e607dbd71

  • SSDEEP

    3072:mRTgd4oCMci4+FjNHrq8Vliumpe7XuHJYWRt7OyYtjiFkRcOYnlZW:mGd4oCM54+FjNLq8eumHJYWRE7t

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://bigfishllc.com:81/forum/viewtopic.php

http://3ecompany.com:8080/forum/viewtopic.php

http://24.coast2coastwoundcare.com/forum/viewtopic.php

http://24.coasttocoastwoundcare.com/forum/viewtopic.php
Attributes
  • payload_url

    http://giftmarketing.net/0qbfJm.exe

    http://chineseherbsforweightloss.org/S7nJEHVA.exe

    http://openminds.nazwa.pl/Y3EWoT.exe

Targets

    • Target

      c3c593cd3478f3ab307efcbe93bb9671_JaffaCakes118

    • Size

      158KB

    • MD5

      c3c593cd3478f3ab307efcbe93bb9671

    • SHA1

      01a618ab385301dee45b21b70320386a257181f8

    • SHA256

      5724932237eef2d2475c1dc4fd76184984b17d95dc6c6d8d918e8edb31dde4fe

    • SHA512

      14a9994451d6367f745ebec64ae43bca0dfd2a36c03fd957cdabb6f3baf5dbcb71ff3a2a4d65cae69d0ce9f19b26de194df293fdfca4548f9de46f1e607dbd71

    • SSDEEP

      3072:mRTgd4oCMci4+FjNHrq8Vliumpe7XuHJYWRt7OyYtjiFkRcOYnlZW:mGd4oCM54+FjNLq8eumHJYWRE7t

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks