Overview

overview

10

Static

static

3

f27bf5294d...18.exe

windows7-x64

10

f27bf5294d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f27bf5294d4a88d8615d7029e380fb7e_JaffaCakes118

  • Size

    138KB

  • Sample

    241215-f2w61sxjbn

  • MD5

    f27bf5294d4a88d8615d7029e380fb7e

  • SHA1

    e37fa93babfc4c05effc9f3a10ec98dca375b286

  • SHA256

    832d6cc3d9b3362d4740291b59b951b811ad4cb6a4d858e668169e95627abc67

  • SHA512

    5ddb8ed69ff2b274818072b4f67bf567514b18cf50fa5b8dd7f578eba5d4054ab6160f287cabafdd3b9cf00f13196d012376c5da5fe3372692fa31bc95faa257

  • SSDEEP

    3072:wBs69Nb1Acb7a6r4DtPXfjAiNt1dBbTM:wLZ6emD1XrAiJ

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://lumberlandnorth.com:8080/forum/viewtopic.php

http://mini101.ca:8080/forum/viewtopic.php

http://biogenx.net:8080/forum/viewtopic.php

http://datingandfriendfinder.net:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://longhornexcavatorsinc.com/FPrUXVvH.exe

    http://soanlahti.fi/AMF5Yh.exe

    http://hospedajefonavi.com/r4T.exe

Targets

    • Target

      f27bf5294d4a88d8615d7029e380fb7e_JaffaCakes118

    • Size

      138KB

    • MD5

      f27bf5294d4a88d8615d7029e380fb7e

    • SHA1

      e37fa93babfc4c05effc9f3a10ec98dca375b286

    • SHA256

      832d6cc3d9b3362d4740291b59b951b811ad4cb6a4d858e668169e95627abc67

    • SHA512

      5ddb8ed69ff2b274818072b4f67bf567514b18cf50fa5b8dd7f578eba5d4054ab6160f287cabafdd3b9cf00f13196d012376c5da5fe3372692fa31bc95faa257

    • SSDEEP

      3072:wBs69Nb1Acb7a6r4DtPXfjAiNt1dBbTM:wLZ6emD1XrAiJ

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks