General

  • Target

    JaffaCakes118_6fe1e3dcaf0a60f19cdccda5c9254cfa

  • Size

    179KB

  • Sample

    250103-1fz11avkbw

  • MD5

    6fe1e3dcaf0a60f19cdccda5c9254cfa

  • SHA1

    3fd959e8b31dab648f43b34c7cc20108fac62db3

  • SHA256

    dc67d1c6ee37673c0ad59409d1bcd05b07921d7f5799ca5ed1b290416c9a8063

  • SHA512

    4f5add9d25cb3e42cc47b3159ff450d1e63484f6d07d0362c04d947d9ad796b113d7067b29c1f3489e5ee1b74797166c992ac522aa98628cb72dced54eee3c39

  • SSDEEP

    3072:TQMuyJAajewh0WEOXPU8/87Z6iz+54DleM4/Nxe44j+Ye:fJvjevyUgw6iW4Dor/

Malware Config

Extracted

  • Family

    pony

  • C2

    http://korbi.va-techniker.de:8080/forum/viewtopic.php
    http://mail.yaklasim.com:8080/forum/viewtopic.php
    http://gorgeousbodysculpt.com/forum/viewtopic.php
    http://gorgeouswithinreach.com/forum/viewtopic.php

  • Attributes

    payload_url:
    http://204.93.165.68/KQecCgi.exe
    http://myshoppingbusiness.com/N1jNU7oo.exe
    http://apagmbh.de/1KHahg0e.exe

Targets

    • Target

      fax00011{DIGIT[4]}.exe

    • Size

      131KB

    • MD5

      9fb9f78b1c4d6eed6512af0604bccede

    • SHA1

      4fbbee7ebfe984afbcf3bb656cb838e86c311543

    • SHA256

      367ded0441620ab8d7f62be4d49dae27464b4e20489552dd4bbddd6d09c78a5c

    • SHA512

      3a147453d155dc3779d0d49d0037ca6f2abd325713dbfcce1a46e210a6e4f896f71e86ca91e2367952b3d17b3e2b9265942e825b6d3fb0da6ca8db5277aaecd1

    • SSDEEP

      3072:A0xHf7zP2uVgLst8/87Z6iz+540Ued5hcU:1x/7Susmgw6iW40UeLi

    • Pony family

      Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks