General

  • Target

    JaffaCakes118_a86421991263283ccd867353017bbf89

  • Size

    152KB

  • Sample

    250118-ngjdes1rbs

  • MD5

    a86421991263283ccd867353017bbf89

  • SHA1

    a13dddce633c30ddc0f4aae476d7055c5fa13d92

  • SHA256

    3544c986ce4c11e4658b52dc013953460b2d935d6e5d76bbd0cf046d2ae478ec

  • SHA512

    b2b60ae6d9c1c256965658c92b1081f6e72aab78a1a25c1aa99666b86497cb85481517a67939aaa82d69168ea090cfe1c6f0f5f123d078465efb65988e4732d0

  • SSDEEP

    3072:KRZDpCnOOMaPC39ooI7z/P5G6pcFwn1l2EQ0vqpYbb1gbu:KRFpCnOOhCW7f/Jp+S1lfz9gbu

Malware Config

Extracted

Family

pony

C2

http://1.aliciatappdesigns.net/forum/viewtopic.php

http://1.aliciatappdesigns.org/forum/viewtopic.php

Attributes
  • payload_url

    http://3073.a.hostable.me/Z2U.exe

    http://85.18.21.252/PNV3Hbi.exe

Targets

    • Target

      JaffaCakes118_a86421991263283ccd867353017bbf89

    • Size

      152KB

    • MD5

      a86421991263283ccd867353017bbf89

    • SHA1

      a13dddce633c30ddc0f4aae476d7055c5fa13d92

    • SHA256

      3544c986ce4c11e4658b52dc013953460b2d935d6e5d76bbd0cf046d2ae478ec

    • SHA512

      b2b60ae6d9c1c256965658c92b1081f6e72aab78a1a25c1aa99666b86497cb85481517a67939aaa82d69168ea090cfe1c6f0f5f123d078465efb65988e4732d0

    • SSDEEP

      3072:KRZDpCnOOMaPC39ooI7z/P5G6pcFwn1l2EQ0vqpYbb1gbu:KRFpCnOOhCW7f/Jp+S1lfz9gbu

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.