Overview

overview

10

Static

static

3

JaffaCakes...d0.exe

windows7-x64

10

JaffaCakes...d0.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6682c199f3c745dd30d530732e69c3d0

  • Size

    119KB

  • Sample

    250102-t2wr5syjfv

  • MD5

    6682c199f3c745dd30d530732e69c3d0

  • SHA1

    033c661d770ec0c0dbcb2d1e9ee97c89ffb24d5a

  • SHA256

    168aec90d07e5b40dfb003a09d1b936c88898c83f944957a6b007dc15f1c882d

  • SHA512

    7162e878272b707936160a013bff6c9d38b89a2ae452457de699e3467a0f5c5fa3c96d4113b826ba08ce9fdbe8d15dec697507321f3dfe8eba9cf19c8813f3a9

  • SSDEEP

    3072:G9I9pjpb8US0OXF0BbQWHPAseqHz7kh09:qlUA0Bb/neqz9

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://116.122.158.195:8080/ponys/gate.php

http://4rentlincoln.com/ponys/gate.php

http://4rentlongbeach.com/ponys/gate.php

http://4rentlosangeles.com/ponys/gate.php
Attributes
  • payload_url

    http://dave.www.ontera.net/LVCrgvCb.exe

    http://www.pc-dienst-beck.de/8DM3o3pG.exe

    http://privatesavings.ca/xbDQUEFi.exe

    http://spireportal.net/Q19pE.exe

Targets

    • Target

      JaffaCakes118_6682c199f3c745dd30d530732e69c3d0

    • Size

      119KB

    • MD5

      6682c199f3c745dd30d530732e69c3d0

    • SHA1

      033c661d770ec0c0dbcb2d1e9ee97c89ffb24d5a

    • SHA256

      168aec90d07e5b40dfb003a09d1b936c88898c83f944957a6b007dc15f1c882d

    • SHA512

      7162e878272b707936160a013bff6c9d38b89a2ae452457de699e3467a0f5c5fa3c96d4113b826ba08ce9fdbe8d15dec697507321f3dfe8eba9cf19c8813f3a9

    • SSDEEP

      3072:G9I9pjpb8US0OXF0BbQWHPAseqHz7kh09:qlUA0Bb/neqz9

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks