Overview

overview

10

Static

static

3

d954deb7dd...18.exe

windows7-x64

10

d954deb7dd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d954deb7dda3fa158473f773c65401c4_JaffaCakes118

  • Size

    158KB

  • Sample

    241209-na349azpdk

  • MD5

    d954deb7dda3fa158473f773c65401c4

  • SHA1

    465e40486012a38fe7b6138cd8619d6ca9145bdd

  • SHA256

    aa26dae1a18df69e5a3c9d07f28ce43bda1ae389539376fe94391d8450bce7f8

  • SHA512

    e941101670815422de645a3b75cdad5324b8d176ba1e21ca532696025dd982483f86de7ad336338f3c767733dc86cc3c795025ed455595f1abb5aec77656c226

  • SSDEEP

    3072:LDRnIGszae0bfh4feFTnPmea/mJq2qM+entjiFkRcOYnlZW:LdnIGsue0bfWfexPmNOJmNent

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://bigfishllc.com:81/forum/viewtopic.php

http://3ecompany.com:8080/forum/viewtopic.php

http://24.coast2coastwoundcare.com/forum/viewtopic.php

http://24.coasttocoastwoundcare.com/forum/viewtopic.php
Attributes
  • payload_url

    http://pm.aixsol.com/G5jZNg.exe

    http://bensonfarms.com/090BidUv.exe

    http://connect-me.de/W9M3e.exe

Targets

    • Target

      d954deb7dda3fa158473f773c65401c4_JaffaCakes118

    • Size

      158KB

    • MD5

      d954deb7dda3fa158473f773c65401c4

    • SHA1

      465e40486012a38fe7b6138cd8619d6ca9145bdd

    • SHA256

      aa26dae1a18df69e5a3c9d07f28ce43bda1ae389539376fe94391d8450bce7f8

    • SHA512

      e941101670815422de645a3b75cdad5324b8d176ba1e21ca532696025dd982483f86de7ad336338f3c767733dc86cc3c795025ed455595f1abb5aec77656c226

    • SSDEEP

      3072:LDRnIGszae0bfh4feFTnPmea/mJq2qM+entjiFkRcOYnlZW:LdnIGsue0bfWfexPmNOJmNent

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks