Overview

overview

10

Static

static

3

JaffaCakes...2f.exe

windows7-x64

10

JaffaCakes...2f.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6cd82fcdca0229b7dd6f23e171ab2d2f

  • Size

    136KB

  • Sample

    250103-qcdy9avpey

  • MD5

    6cd82fcdca0229b7dd6f23e171ab2d2f

  • SHA1

    fda02c1398cba1795882c9c6eaad010d8c77f706

  • SHA256

    770321119b1b926dff703b06c2663f39ecb26571315f7b6dd654ab6c1ad3cafd

  • SHA512

    256728a63f1f12d71a9a4ac314fa78528474d89c7494cf9f9c7a46b3819161a5324245773e173254282d86b24d0b84db2458632b48e2dc3f0969783e4b6fe647

  • SSDEEP

    3072:CehYBiqGbixW0Irn0wO0i4iHW07VGqAh:CehLG60wO0iLHW05Glh

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://190.81.149.106:8080/ponyz/gate.php

http://mail.yaklasim.com:8080/ponyz/gate.php

http://laserniptuck.com/ponyz/gate.php

http://laserpecs.com/ponyz/gate.php
Attributes
  • payload_url

    http://job.intabo.cz/cVKpr1Qa.exe

    http://acrepairroyalpalmbeach.com/sR3RfbQE.exe

    http://lazycwebhosting.com/v0cm1KR.exe

Targets

    • Target

      JaffaCakes118_6cd82fcdca0229b7dd6f23e171ab2d2f

    • Size

      136KB

    • MD5

      6cd82fcdca0229b7dd6f23e171ab2d2f

    • SHA1

      fda02c1398cba1795882c9c6eaad010d8c77f706

    • SHA256

      770321119b1b926dff703b06c2663f39ecb26571315f7b6dd654ab6c1ad3cafd

    • SHA512

      256728a63f1f12d71a9a4ac314fa78528474d89c7494cf9f9c7a46b3819161a5324245773e173254282d86b24d0b84db2458632b48e2dc3f0969783e4b6fe647

    • SSDEEP

      3072:CehYBiqGbixW0Irn0wO0i4iHW07VGqAh:CehLG60wO0iLHW05Glh

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks