Overview

overview

10

Static

static

3

f6a98ae329...18.exe

windows7-x64

10

f6a98ae329...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6a98ae3298bad5149787ccaaab5e7e0_JaffaCakes118

  • Size

    95KB

  • Sample

    241216-bwb7fawrhy

  • MD5

    f6a98ae3298bad5149787ccaaab5e7e0

  • SHA1

    7369196033912eabb1c1bb86d2b7a0ee2524cd1f

  • SHA256

    d76f24e1f36a1c115d03945e27c238f260f689f3bbb749ff3d5fd34e64a2b223

  • SHA512

    aa42f6ab022cf46794232fb2d28fef29043e36a48871ab9a1be57d76cf91c38446d78186e87288532cbf69bd1aa9cb4716f35821e708527f22904e25456e93bc

  • SSDEEP

    1536:VnSOEjnOEpSZiJePXxe4/ZdX0P4AC7q/bZbEjx1PaUzHsznQZ9N70mj+qtzan0Z0:VnoSFxe4/ZdX0PB68byaUzMMZ9BSgza0

Score
10/10
ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

Malware Config

Extracted

Family

pony

C2

http://hkutydi.pw:4915/way/like.php

http://kmstykd.pw:4915/way/like.php

Targets

    • Target

      f6a98ae3298bad5149787ccaaab5e7e0_JaffaCakes118

    • Size

      95KB

    • MD5

      f6a98ae3298bad5149787ccaaab5e7e0

    • SHA1

      7369196033912eabb1c1bb86d2b7a0ee2524cd1f

    • SHA256

      d76f24e1f36a1c115d03945e27c238f260f689f3bbb749ff3d5fd34e64a2b223

    • SHA512

      aa42f6ab022cf46794232fb2d28fef29043e36a48871ab9a1be57d76cf91c38446d78186e87288532cbf69bd1aa9cb4716f35821e708527f22904e25456e93bc

    • SSDEEP

      1536:VnSOEjnOEpSZiJePXxe4/ZdX0P4AC7q/bZbEjx1PaUzHsznQZ9N70mj+qtzan0Z0:VnoSFxe4/ZdX0PB68byaUzMMZ9BSgza0

    Score
    10/10
    ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks