Overview

overview

10

Static

static

3

JaffaCakes...22.exe

windows7-x64

10

JaffaCakes...22.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_4c263b602c9e6d3a5b38213bfe943622

  • Size

    112KB

  • Sample

    250101-h8pfvsylay

  • MD5

    4c263b602c9e6d3a5b38213bfe943622

  • SHA1

    b9161b73916b9f71b73f6e4ba5a5ad933e9ece35

  • SHA256

    fb62d826421b033c74a94e2ab771505e40b516bf6d33768cbccf8760367d30bd

  • SHA512

    183a831ccea537595a8b6d45e0022c13ffb1197dc2c7e8fc510cab02e707dbf4e0fbaa4ef9bcbd54d4f2cad52fc5b50514e22b3dcb636b02d3771982d985d720

  • SSDEEP

    3072:edxxdOjXmWDWcpy0Q351TVZFiRqBv+X2ogaQ8:ORqwcU1p1T9WGf

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://gfpshoppingcarts.com/forum/viewtopic.php

http://gfpshoppingcarts.net/forum/viewtopic.php

http://greatstockfoodimages.com/forum/viewtopic.php

http://imhungrynow.com/forum/viewtopic.php
Attributes
  • payload_url

    http://216.14.122.151/UjH9.exe

    http://paulalfrey.com/gGSzTfJr.exe

    http://mikedang.org/jW17.exe

    http://landhausbakery.com/YKLF0Q1C.exe

Targets

    • Target

      JaffaCakes118_4c263b602c9e6d3a5b38213bfe943622

    • Size

      112KB

    • MD5

      4c263b602c9e6d3a5b38213bfe943622

    • SHA1

      b9161b73916b9f71b73f6e4ba5a5ad933e9ece35

    • SHA256

      fb62d826421b033c74a94e2ab771505e40b516bf6d33768cbccf8760367d30bd

    • SHA512

      183a831ccea537595a8b6d45e0022c13ffb1197dc2c7e8fc510cab02e707dbf4e0fbaa4ef9bcbd54d4f2cad52fc5b50514e22b3dcb636b02d3771982d985d720

    • SSDEEP

      3072:edxxdOjXmWDWcpy0Q351TVZFiRqBv+X2ogaQ8:ORqwcU1p1T9WGf

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks