Overview

overview

10

Static

static

3

c6e5c23ced...18.exe

windows7-x64

10

c6e5c23ced...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6e5c23ced93f3c202d136dc2bf3d1e5_JaffaCakes118

  • Size

    129KB

  • Sample

    241205-kthqwatjar

  • MD5

    c6e5c23ced93f3c202d136dc2bf3d1e5

  • SHA1

    69517ae454d7e2b3aaef2a6d793afb909879427f

  • SHA256

    60415ba726001be7cca4ff1b06fd0b46210fb7ec5e3a2cb63031cb575e41cbcb

  • SHA512

    67a5bdbc7444ae9e75b632c1ea77908ea502db5b7944853bd7430631915f43d1d4f7c915aa52096b6fdff169b5b721cd02d2638a9892cd98d0e908ba491181a3

  • SSDEEP

    1536:UUBiFqtXmPmgC9+c7LPY3pf+gij01r7TNwm7QQHfADHkTZvMS3J/HjYTtLm1DK:UOn16mg2+6gR+B43TNwIWTM/D2qD

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://67.215.225.205:8080/forum/viewtopic.php

http://50.116.38.138/forum/viewtopic.php
Attributes
  • payload_url

    http://codglobal.com/9WsB.exe

    http://edpromagna.zeronove.it/pUR.exe

Targets

    • Target

      c6e5c23ced93f3c202d136dc2bf3d1e5_JaffaCakes118

    • Size

      129KB

    • MD5

      c6e5c23ced93f3c202d136dc2bf3d1e5

    • SHA1

      69517ae454d7e2b3aaef2a6d793afb909879427f

    • SHA256

      60415ba726001be7cca4ff1b06fd0b46210fb7ec5e3a2cb63031cb575e41cbcb

    • SHA512

      67a5bdbc7444ae9e75b632c1ea77908ea502db5b7944853bd7430631915f43d1d4f7c915aa52096b6fdff169b5b721cd02d2638a9892cd98d0e908ba491181a3

    • SSDEEP

      1536:UUBiFqtXmPmgC9+c7LPY3pf+gij01r7TNwm7QQHfADHkTZvMS3J/HjYTtLm1DK:UOn16mg2+6gR+B43TNwIWTM/D2qD

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks