Overview

overview

10

Static

static

1

JaffaCakes...a5.exe

windows7-x64

10

JaffaCakes...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_77ea7060d4568c866b6e52220484eea5

  • Size

    187KB

  • Sample

    250104-f8allawren

  • MD5

    77ea7060d4568c866b6e52220484eea5

  • SHA1

    118a649849b53c2c5b6e8c19d8e19bef50bf32ab

  • SHA256

    f0bdf8df1016d4b76df491a7ff38909e1e961cd45232d7ae976a55696e9a7e9c

  • SHA512

    93d16bd29008998615b3207007211f4867d3735abb54be14b9c585a46e12c7a831f6de0ca7add8eca127c5ce7c44b56699c9712ca113d72304d8556b264ae638

  • SSDEEP

    3072:CT8ElSg4GHhNLuPPx49TVvrvuDCvZNz174r:FNgBHh9YCVSSZf0

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://admin.vojtekracing.hu:8080/forum/viewtopic.php

http://media.vojtekracing.hu:8080/forum/viewtopic.php

http://vojtekracing.hu:8080/forum/viewtopic.php

http://195.5.208.204:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://bursamhaberim.com/i1M.exe

    http://carlahahn.de/jqYnYs8B.exe

    http://kostalde.eu/1Q25ot.exe

Targets

    • Target

      JaffaCakes118_77ea7060d4568c866b6e52220484eea5

    • Size

      187KB

    • MD5

      77ea7060d4568c866b6e52220484eea5

    • SHA1

      118a649849b53c2c5b6e8c19d8e19bef50bf32ab

    • SHA256

      f0bdf8df1016d4b76df491a7ff38909e1e961cd45232d7ae976a55696e9a7e9c

    • SHA512

      93d16bd29008998615b3207007211f4867d3735abb54be14b9c585a46e12c7a831f6de0ca7add8eca127c5ce7c44b56699c9712ca113d72304d8556b264ae638

    • SSDEEP

      3072:CT8ElSg4GHhNLuPPx49TVvrvuDCvZNz174r:FNgBHh9YCVSSZf0

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks