Overview

overview

10

Static

static

3

f61106c546...18.exe

windows7-x64

10

f61106c546...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f61106c54653ed36c33684d3c7a90f70_JaffaCakes118

  • Size

    152KB

  • Sample

    241215-2ly7bssmdn

  • MD5

    f61106c54653ed36c33684d3c7a90f70

  • SHA1

    847d98d20fda6542b6000a0d44abf05163582809

  • SHA256

    242cb3fe3053ec87f7b3bac94748a55892ab6d5ada72fdc88d0d8dc636319905

  • SHA512

    7602783c22cbda6d185bcb5060ae15b550ee2d7d89dd31f966975df0ca1d4b402b418bef7feac90566dac51a865a406ea84b1635c439a2969d64917d40b38ea1

  • SSDEEP

    1536:JkSMbnMatTdVsPjzfSzoO0YIYzdK+vbnsq30mGzNfL881gh5xBwJad6++Fa37o:bMb3dVsP3WNdXDsq3vMpXgQwI+qa37

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://beta.moto-profil.pl/lnyuygf.php

http://profiauto.pl/limyxda.php

http://heros.wis.pl/rotuybd.php

http://jkgroup.pl/vwlwutk.php

http://nokturn.katowice.pl/abmptjt.php

http://przychodniarodzina.pl/ulyplxl.php

http://beta.szj.info.pl/tqslmfc.php
Attributes
  • payload_url

    http://dpskamilzabrze.pl/tmp/sm.exe

    http://dpskamilzabrze.pl/tmp/np.exe

Targets

    • Target

      f61106c54653ed36c33684d3c7a90f70_JaffaCakes118

    • Size

      152KB

    • MD5

      f61106c54653ed36c33684d3c7a90f70

    • SHA1

      847d98d20fda6542b6000a0d44abf05163582809

    • SHA256

      242cb3fe3053ec87f7b3bac94748a55892ab6d5ada72fdc88d0d8dc636319905

    • SHA512

      7602783c22cbda6d185bcb5060ae15b550ee2d7d89dd31f966975df0ca1d4b402b418bef7feac90566dac51a865a406ea84b1635c439a2969d64917d40b38ea1

    • SSDEEP

      1536:JkSMbnMatTdVsPjzfSzoO0YIYzdK+vbnsq30mGzNfL881gh5xBwJad6++Fa37o:bMb3dVsP3WNdXDsq3vMpXgQwI+qa37

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks