Overview

overview

10

Static

static

1

e5125d948f...18.exe

windows7-x64

10

e5125d948f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5125d948f89f13da38601b687f085c9_JaffaCakes118

  • Size

    186KB

  • Sample

    241212-g1fcjsxmal

  • MD5

    e5125d948f89f13da38601b687f085c9

  • SHA1

    1456b87b5f058a9a6f975a5a631a48c4c1db4a01

  • SHA256

    97687d0c6027ee8022c0e14c65ac078c9040a8e46dc5e8ab62d1e5e4ba752a15

  • SHA512

    3407ac0465a16e53d0dc9c47081711f91e7cedd9572d29388327186ce1af3412f67db9cbbcbb64c28daf3b8930ba718740c07fc1ff8f25ff36e903c728db7418

  • SSDEEP

    3072:j+3G7zLevYOOprJFy72HppE/RE8LIsWRzbi:yoejOprHP3P8rOi

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://ws.sefairepayer.com:8080/forum/viewtopic.php

http://imprimante.sefairepayer.com:8080/forum/viewtopic.php

http://91.121.204.38:8080/forum/viewtopic.php

http://217.195.200.29:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://djozi.bplaced.net/J3B5Y7A.exe

    http://medikux.com/iXPVJ.exe

    http://mihneabelcin.com/Upq.exe

Targets

    • Target

      e5125d948f89f13da38601b687f085c9_JaffaCakes118

    • Size

      186KB

    • MD5

      e5125d948f89f13da38601b687f085c9

    • SHA1

      1456b87b5f058a9a6f975a5a631a48c4c1db4a01

    • SHA256

      97687d0c6027ee8022c0e14c65ac078c9040a8e46dc5e8ab62d1e5e4ba752a15

    • SHA512

      3407ac0465a16e53d0dc9c47081711f91e7cedd9572d29388327186ce1af3412f67db9cbbcbb64c28daf3b8930ba718740c07fc1ff8f25ff36e903c728db7418

    • SSDEEP

      3072:j+3G7zLevYOOprJFy72HppE/RE8LIsWRzbi:yoejOprHP3P8rOi

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks