Overview

overview

10

Static

static

3

JaffaCakes...85.exe

windows7-x64

10

JaffaCakes...85.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6d08e34fb4e80de4223622b6d6983685

  • Size

    128KB

  • Sample

    250103-qy6ldszlam

  • MD5

    6d08e34fb4e80de4223622b6d6983685

  • SHA1

    69c568932192e716c00e99a87f2273d0f86f13b0

  • SHA256

    be42226434f831e76bd33e0d3c3ca4064c928ed50a2f2cade61a0334b997fc88

  • SHA512

    636e6d6286d6d24bcd8699b47e8c72c560bc72773d4c050c527d874699ecb4fdc62b9bc833c5cfcf66c429bf5a52a9aee9d4dc8b1ce7401c305b3dca6f983e47

  • SSDEEP

    3072:DkCcdNAsa2LLB1sAr5Ba++/qAswIJH2+3mDDPeQkiFkRcOYnlZBb:41MMfBHe/qA8k+3uPD

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://htlounge.com:8080/forum/viewtopic.php

http://bigfishllc.com:81/forum/viewtopic.php

http://23.localizetoday.net/forum/viewtopic.php

http://23.mrelectricdenver.com/forum/viewtopic.php
Attributes
  • payload_url

    http://mystylingroom.com/gnom.exe

    http://distritomexico.com/gnom.exe

    http://198.104.181.133/gnom.exe

Targets

    • Target

      JaffaCakes118_6d08e34fb4e80de4223622b6d6983685

    • Size

      128KB

    • MD5

      6d08e34fb4e80de4223622b6d6983685

    • SHA1

      69c568932192e716c00e99a87f2273d0f86f13b0

    • SHA256

      be42226434f831e76bd33e0d3c3ca4064c928ed50a2f2cade61a0334b997fc88

    • SHA512

      636e6d6286d6d24bcd8699b47e8c72c560bc72773d4c050c527d874699ecb4fdc62b9bc833c5cfcf66c429bf5a52a9aee9d4dc8b1ce7401c305b3dca6f983e47

    • SSDEEP

      3072:DkCcdNAsa2LLB1sAr5Ba++/qAswIJH2+3mDDPeQkiFkRcOYnlZBb:41MMfBHe/qA8k+3uPD

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks