Overview

overview

10

Static

static

3

JaffaCakes...00.exe

windows7-x64

10

JaffaCakes...00.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7878e2df2dade7e8ffaf2afa98d40a00

  • Size

    120KB

  • Sample

    250104-jgbw5azlat

  • MD5

    7878e2df2dade7e8ffaf2afa98d40a00

  • SHA1

    f3fab8dacd6c31f44fdb0acfed76bd9ac1923ec8

  • SHA256

    030778ea20462a1009ad30c373b3939f635fcc6f435c565fedbc6c98b39be1c8

  • SHA512

    5ef20f9aafe7669cd6c90776d6d39cd853f7804f2d114856661d2de443423d7ec280ce158606b24bf2db6fa17d778f6e69e1a5a589d03862471624337c1bd6cc

  • SSDEEP

    3072:GIDU3z73/LxF31wAf/px5ibGWjPcLqdl6DFZtZPz:uz/q2/povjPnwNZb

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://customercaddie.com/ponyz/gate.php

http://customercaddie.mobi/ponyz/gate.php

http://eventbooklet.com/ponyz/gate.php

http://eventsanywhere.mobi/ponyz/gate.php
Attributes
  • payload_url

    http://aquasarnami.com/M5gJK1.exe

    http://TWE876-SITE0011.MaxEsp.net/pvKCei.exe

    http://www.cnanprojectmanagement.com/z91AC.exe

Targets

    • Target

      JaffaCakes118_7878e2df2dade7e8ffaf2afa98d40a00

    • Size

      120KB

    • MD5

      7878e2df2dade7e8ffaf2afa98d40a00

    • SHA1

      f3fab8dacd6c31f44fdb0acfed76bd9ac1923ec8

    • SHA256

      030778ea20462a1009ad30c373b3939f635fcc6f435c565fedbc6c98b39be1c8

    • SHA512

      5ef20f9aafe7669cd6c90776d6d39cd853f7804f2d114856661d2de443423d7ec280ce158606b24bf2db6fa17d778f6e69e1a5a589d03862471624337c1bd6cc

    • SSDEEP

      3072:GIDU3z73/LxF31wAf/px5ibGWjPcLqdl6DFZtZPz:uz/q2/povjPnwNZb

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks