Overview

overview

10

Static

static

3

f6dedb209b...18.exe

windows7-x64

10

f6dedb209b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6dedb209bc1f4a4a74cf7e9162ce6f5_JaffaCakes118

  • Size

    156KB

  • Sample

    241216-cw4r5a1lbp

  • MD5

    f6dedb209bc1f4a4a74cf7e9162ce6f5

  • SHA1

    20d82d34cc2f20213ee1b0be8cf421eec5a89309

  • SHA256

    a22b30d0c3dfa0a1b585d67375088bd1775dfe84e7cbf3f91fe3a23fa1d35cdf

  • SHA512

    2c9645b6219400280c88d3c5d3c8352ffbe9266e8cd62f1bbd83c1c07582a3d6c9d85ed807b4be2a2e766cc0b27b5332ff0b1c4bd9677e3a234f8ab4e8c55403

  • SSDEEP

    3072:x+y723AlCfuCGPNN6wWw/tGQ8Y1ovqI9FU2b:xv9lCfupVctKtOY+hv

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://209.59.219.1/forum/viewtopic.php

http://212.58.20.11/forum/viewtopic.php
Attributes
  • payload_url

    http://bauhh.hu/iiTn.exe

    http://villageofvinton.com/MUGtaT.exe

    http://www.fox-pr.com/xVh.exe

Targets

    • Target

      f6dedb209bc1f4a4a74cf7e9162ce6f5_JaffaCakes118

    • Size

      156KB

    • MD5

      f6dedb209bc1f4a4a74cf7e9162ce6f5

    • SHA1

      20d82d34cc2f20213ee1b0be8cf421eec5a89309

    • SHA256

      a22b30d0c3dfa0a1b585d67375088bd1775dfe84e7cbf3f91fe3a23fa1d35cdf

    • SHA512

      2c9645b6219400280c88d3c5d3c8352ffbe9266e8cd62f1bbd83c1c07582a3d6c9d85ed807b4be2a2e766cc0b27b5332ff0b1c4bd9677e3a234f8ab4e8c55403

    • SSDEEP

      3072:x+y723AlCfuCGPNN6wWw/tGQ8Y1ovqI9FU2b:xv9lCfupVctKtOY+hv

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks