Overview

overview

10

Static

static

1

cce81434ec...18.exe

windows7-x64

10

cce81434ec...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cce81434ec3c5a4b090e8f0e52595938_JaffaCakes118

  • Size

    188KB

  • Sample

    241206-n9ewpswpdv

  • MD5

    cce81434ec3c5a4b090e8f0e52595938

  • SHA1

    5cd0ef4beaebc43c522bee4fa1dca7e4610791ce

  • SHA256

    89c2238c7be2c2b643a9a10dd743aca789d4a6e710b993bb9d768bf2a716d06f

  • SHA512

    e735f8ef3d430519f4c28450c0c19de8fd56ec7873e1b078280fe09cd91fd6497eab802279b055fa5531688be2b90f2a19cf99cec364e90d3e0a91bec0b87785

  • SSDEEP

    3072:VIfW5JGUaZSrGbkR+FxXM00zu8wsv+A1QIdjJiUfU2:VIc4bRFxWK8w2XDzFx

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://13.carnovirious.net/forum/viewtopic.php

http://13.JONEMNOMINIK.NET/forum/viewtopic.php

http://13.LOMERDASTER.NET/forum/viewtopic.php

http://13.ZABAKARVESTER.NET/forum/viewtopic.php
Attributes
  • payload_url

    http://ercumentsubasi.com/GaMXZd.exe

    http://complexclabucet.ro/J9rPkF.exe

    http://wsitepromotion.com/KKa3AoTi.exe

Targets

    • Target

      cce81434ec3c5a4b090e8f0e52595938_JaffaCakes118

    • Size

      188KB

    • MD5

      cce81434ec3c5a4b090e8f0e52595938

    • SHA1

      5cd0ef4beaebc43c522bee4fa1dca7e4610791ce

    • SHA256

      89c2238c7be2c2b643a9a10dd743aca789d4a6e710b993bb9d768bf2a716d06f

    • SHA512

      e735f8ef3d430519f4c28450c0c19de8fd56ec7873e1b078280fe09cd91fd6497eab802279b055fa5531688be2b90f2a19cf99cec364e90d3e0a91bec0b87785

    • SSDEEP

      3072:VIfW5JGUaZSrGbkR+FxXM00zu8wsv+A1QIdjJiUfU2:VIc4bRFxWK8w2XDzFx

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks