General

  • Target

    fb90727bc2963c905fb7c58186117a3f_JaffaCakes118

  • Size

    164KB

  • Sample

    241218-pterfayqds

  • MD5

    fb90727bc2963c905fb7c58186117a3f

  • SHA1

    51fd33dad0d52c452ab8f53aadf3f1e31f73e099

  • SHA256

    e5031142a1cbd692d2d52fd56303e546515f052998f8c511aae2a5df8d70bfa3

  • SHA512

    6cdffc55195c5dd89347c699cb38daa23d86eed91d0873a956a0af81ef39c5cb9f1d59c3126f67062744e9a229406a6b4a5007e5b80803bb91fa8acd6e169323

  • SSDEEP

    3072:xoAyE5h6acBF18N5aSaJkr+mVOTaIMBf0Ln/UXgVhcZOLFeOm:xByE5caYSN5aTJkqmVOOeLncXgjm

Malware Config

Extracted

Family

pony

C2

http://149.255.99.32:8080/forum/viewtopic.php

http://69.163.40.128/forum/viewtopic.php

Attributes
  • payload_url

    http://realitycoaching.es/pm3Wi2bw.exe

    http://www.10130138.wavelearn.de/o2DtCsW.exe

    http://xmacorporation.com/ajaxam.js/7Gg10T4.exe

Targets

    • Target

      fb90727bc2963c905fb7c58186117a3f_JaffaCakes118

    • Size

      164KB

    • MD5

      fb90727bc2963c905fb7c58186117a3f

    • SHA1

      51fd33dad0d52c452ab8f53aadf3f1e31f73e099

    • SHA256

      e5031142a1cbd692d2d52fd56303e546515f052998f8c511aae2a5df8d70bfa3

    • SHA512

      6cdffc55195c5dd89347c699cb38daa23d86eed91d0873a956a0af81ef39c5cb9f1d59c3126f67062744e9a229406a6b4a5007e5b80803bb91fa8acd6e169323

    • SSDEEP

      3072:xoAyE5h6acBF18N5aSaJkr+mVOTaIMBf0Ln/UXgVhcZOLFeOm:xByE5caYSN5aTJkqmVOOeLncXgjm

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.