Overview

overview

10

Static

static

3

JaffaCakes...80.exe

windows7-x64

10

JaffaCakes...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_54de0acf7616e8d7374b9f9e266c0580

  • Size

    115KB

  • Sample

    250101-pjswbaxkbr

  • MD5

    54de0acf7616e8d7374b9f9e266c0580

  • SHA1

    9af25d3f9d1a86328eed705f1cd2f7290efe96a1

  • SHA256

    11b9337d258d446c87983252537b3e6bb9ed7cb42401a5fd3931dc9cfb63e784

  • SHA512

    e7c4b2d1fce623425bde3d3f473fa773ce9b74770fe8a530f3a8cf3efd56731fcd31567e85e01edb4fad1d471b830c6988eac0669e9b389532fc6c2d4259eed0

  • SSDEEP

    3072:23kS+bkLyJqgy42kORbTf3vcDUfzU/k8:WFo2kOFw8zp

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://jtmccarter.com/ponyz/gate.php

http://mccarterfam.com/ponyz/gate.php

http://thepalms-palmdesert.com/ponyz/gate.php

http://thepalms-pd.com/ponyz/gate.php
Attributes
  • payload_url

    http://www.acmestore.it/L4cWn.exe

    http://server.autobeschriftung.at/nEjcrEA.exe

    http://test.iboitalia.org/C7oaNwB.exe

Targets

    • Target

      JaffaCakes118_54de0acf7616e8d7374b9f9e266c0580

    • Size

      115KB

    • MD5

      54de0acf7616e8d7374b9f9e266c0580

    • SHA1

      9af25d3f9d1a86328eed705f1cd2f7290efe96a1

    • SHA256

      11b9337d258d446c87983252537b3e6bb9ed7cb42401a5fd3931dc9cfb63e784

    • SHA512

      e7c4b2d1fce623425bde3d3f473fa773ce9b74770fe8a530f3a8cf3efd56731fcd31567e85e01edb4fad1d471b830c6988eac0669e9b389532fc6c2d4259eed0

    • SSDEEP

      3072:23kS+bkLyJqgy42kORbTf3vcDUfzU/k8:WFo2kOFw8zp

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks