General

  • Target

    de605a64deabb3e4bffffafe56627bfc_JaffaCakes118

  • Size

    139KB

  • Sample

    241210-ystnms1rbl

  • MD5

    de605a64deabb3e4bffffafe56627bfc

  • SHA1

    e20b8df40bf33fef1be1a4dfc67bb06ff8b94d87

  • SHA256

    79ea24a3926803335a4f27ee05a682919efe1bdcdcc8538054636497c8be98e9

  • SHA512

    567599ad9aedeefb22fcacf25f4494285f2b5f54c1759341b030c56359ccaeded6741c7b7310ca625cd2c9f56724d0e05624f5e3e6c91326c0872e73954e09c2

  • SSDEEP

    3072:IYQpMGQqFsdTTxlEDe0MrsfL+i6spekmp0:IYQWqFWTnCT9j+i6sppmp0

Malware Config

Extracted

Family

pony

C2

http://91.220.35.125/internet_goo.php

http://209.236.67.163/8bd7d5194/wergwrg3gwer

http://209.236.67.163/8bd7d5194/rebhg542

http://209.236.67.163/8bd7d5194/wert34g45ht

http://209.236.67.163/8bd7d5194/brgn424t235

http://209.236.67.163/8bd7d5194/werghw45gwe

http://91.220.35.48/fb/internet.php

Targets

    • Target

      de605a64deabb3e4bffffafe56627bfc_JaffaCakes118

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks