General

  • Target

    e095a48a8020d7628707035e673f2090_JaffaCakes118

  • Size

    113KB

  • Sample

    241211-j4shdsyphn

  • MD5

    e095a48a8020d7628707035e673f2090

  • SHA1

    fe91572924f7272d207f90dadbffb137c3f78e8f

  • SHA256

    8c133ec84c6159cf5b55634cbb3618a2de0e84d50dcc516df4d94d22b8ab20dd

  • SHA512

    650e05b398f51665d3b9998701246669b3414a7e68c939b51ddfd1f18dc93085b96fd7a24d4373d34c3b53ea2c04c2ec46b2ff6ff3938f013d555e38e1503304

  • SSDEEP

    3072:TFEo/7cvuLDmnvAF3syuntCwn5XXioeL4:TFEoDcvuLDm4FsntNXXO4

Malware Config

Extracted

Family

pony

C2

http://lkrjoa.info:4915/way/like.php

http://kliuyehu.info:4915/way/like.php

http://mstyrde.info:4915/way/upd

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15