General

  • Target

    f9af548e2c4d65420221d5885ed92a47_JaffaCakes118

  • Size

    99KB

  • Sample

    241218-cj3z3azjck

  • MD5

    f9af548e2c4d65420221d5885ed92a47

  • SHA1

    6b75c426da781cc370d83a10fb83b94277cf2d94

  • SHA256

    48459a24a4b40dd6516adc23d8118c9f50bfa322413729fd2fdf7759f1a9f8cf

  • SHA512

    6a958ceafaab855ce00182febc750a9b03decb944c75411e94a4e0ed0a4741e2dbcfcb371deb62a07412aef571b8a91f438585bc3499bb61a8d2846213e6b5bf

  • SSDEEP

    3072:lS1CNNOcVtbfID70pbjrxwD7e6ibEkz7:8CNoQbfID7II7e6ibb

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

    • Target

      f9af548e2c4d65420221d5885ed92a47_JaffaCakes118

    • Size

      99KB

    • MD5

      f9af548e2c4d65420221d5885ed92a47

    • SHA1

      6b75c426da781cc370d83a10fb83b94277cf2d94

    • SHA256

      48459a24a4b40dd6516adc23d8118c9f50bfa322413729fd2fdf7759f1a9f8cf

    • SHA512

      6a958ceafaab855ce00182febc750a9b03decb944c75411e94a4e0ed0a4741e2dbcfcb371deb62a07412aef571b8a91f438585bc3499bb61a8d2846213e6b5bf

    • SSDEEP

      3072:lS1CNNOcVtbfID70pbjrxwD7e6ibEkz7:8CNoQbfID7II7e6ibb

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks